The Cloud Native Computing Foundation has announced the graduation of in-toto, a software supply chain security framework developed at NYU Tandon that enhances software integrity by verifying every step in the development lifecycle. As supply chain attacks rise, in-toto's ability to ensure trust and compliance is increasingly vital for organizations seeking secure innovation. The project has evolved from academic research to an industry standard, supported by major funding agencies and notable adoption by companies like SolarWinds and Autodesk.
Witness is a dynamic CLI tool that enhances software supply chain security by creating an audit trail throughout the software development lifecycle (SDLC) using the in-toto specification. It features a policy engine for enforcement, supports various integrations, and allows for keyless signing and attestation storage. The tool is maintained by an open community and offers both free and commercial support options.
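To make concrete what "verifying every step" means, here is an added illustration (not code from in-toto or Witness): a toy verifier that checks a layout against signed link metadata, confirming that each step was signed by its authorized functionary and that the artifacts one step consumed are exactly those the previous step produced. The step names, key ids, the simplified layout schema and the HMAC stand-in for real in-toto signatures are all assumptions made for the demo.

```python
import hashlib, hmac, json

# Constructed layout (simplified, not the real in-toto layout schema): each step
# names the functionary allowed to sign it and the artifacts it must consume
# (materials) and emit (products); materials must equal the previous step's products.
LAYOUT = [
    {"name": "build", "signer": "ci-builder", "materials": [], "products": ["app.tar"]},
    {"name": "package", "signer": "release-bot", "materials": ["app.tar"], "products": ["app.tar.gz"]},
]

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()
def canonical(link: dict) -> bytes:
    return json.dumps(link, sort_keys=True, separators=(",", ":")).encode()

def sign_link(link: dict, keyid: str, key: bytes) -> dict:
    # Stand-in (assumption) for in-toto's asymmetric/keyless signatures: HMAC over canonical JSON.
    sig = hmac.new(key, canonical(link), "sha256").hexdigest()
    return {"signed": link, "signatures": [{"keyid": keyid, "sig": sig}]}

def verify(layout: list, links: dict, keys: dict) -> list:
    failures, upstream = [], {}  # returns a list of failures; empty means the chain verifies
    for step in layout:
        env = links.get(step["name"])
        if env is None:
            failures.append(f"{step['name']}: link metadata missing")
            continue
        link, signer = env["signed"], step["signer"]
        expected = hmac.new(keys[signer], canonical(link), "sha256").hexdigest()
        if not any(s["keyid"] == signer and hmac.compare_digest(s["sig"], expected)
                   for s in env["signatures"]):
            failures.append(f"{step['name']}: no valid signature from {signer}")
        for name in step["materials"]:  # chain check: consumed artifact == upstream product
            if link["materials"].get(name) != upstream.get(name):
                failures.append(f"{step['name']}: material {name} does not match upstream product")
        for name in step["products"]:
            if name not in link["products"]:
                failures.append(f"{step['name']}: expected product {name} not recorded")
        upstream = link["products"]
    return failures

def demo(tamper: bool = False) -> list:
    # Constructed two-step chain; tamper=True feeds a swapped artifact into "package".
    keys = {"ci-builder": b"builder-secret", "release-bot": b"release-secret"}
    tarball = b"constructed build output"
    build = {"materials": {}, "products": {"app.tar": sha256(tarball)}}
    consumed = sha256(b"swapped artifact") if tamper else sha256(tarball)
    package = {"materials": {"app.tar": consumed}, "products": {"app.tar.gz": sha256(b"constructed archive")}}
    links = {"build": sign_link(build, "ci-builder", keys["ci-builder"]),
             "package": sign_link(package, "release-bot", keys["release-bot"])}
    return verify(LAYOUT, links, keys)
```

Running `demo()` yields no failures, while `demo(tamper=True)` reports that the package step consumed an artifact the build step never produced, which is the class of substitution the audit trail is meant to catch.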