in-toto

A framework to secure the integrity of software supply chains

News

10/17/17 A fix to our git tag metadata tampering attack paper [USENIX'16] has been included in the master branch of the pacman package manager and will be included in the next release.
08/10/17 Lukas presented in-toto at Debian's Debconf 2017. You can watch the video of the talk here.
02/06/17 We presented a demo of in-toto at Dockercon 2017. You can watch the video here.
01/17/17 A fix to our git tag metadata tampering vulnerability was merged into git's master branch and will be available starting from git v2.12. You can read more about it in our [USENIX'16] paper.
14/10/16 We presented a demo of in-toto in the Docker Distributed System Summit. You can watch the video here.
07/10/16 We are live! please check back soon for more updates.