A framework to secure the integrity of software supply chains
What is in-toto?
Try it out
Frequently Asked Questions
This is a thoroughly-reviewed version of the specification (and probably what you're looking for)
If you want to see what are the latest changes and possible features, click this.