A framework to secure the integrity of software supply chains

Metadata Examples

Debian This demo metadata shows how the Debian project could use in-toto to secure their version of the grep package.
Seattle Seattle is a fog-computing platform that already ships in-toto metadata with their releases. Here, you can see a pretty-printed version of the seattle metadata.
Don't forget to check out our demos too.