A framework to secure the integrity of software supply chains

Software supply chain protection


Supply chain compromises are becoming a frequent occurrence. in-toto can help you protect the integrity of your software supply chain.

Open, extensible standard


in-toto is an open metadata standard that you can implement in your software's supply chain toolchain.

Extensive tooling


You can use in-toto today through our Apache-licensed libraries and tools.
