News
| 10/14/19 | Tobias Furuholm presented in-toto at the CASTOR Software Days and shared a video recording and his slides with us. |
| 10/02/19 | Adrian Colyer wrote an article about in-toto in "the morning paper". |
| 07/09/19 | in-toto was featured in the blog post "33(+) Kubernetes security tools." | 06/08/19 | We demonstrated how reproducible builds can be verified on "apt install" using in-toto at MiniDebConf Hamburg. You can watch it online. |
| 06/03/19 | Datadog has deployed TUF and in-toto into their pipeline! Read more here. |
| 05/22/19 | We hosted a TUF deep dive session featuring in-toto at KubeCon Europe. A recording is available on YouTube. |
| 06/01/19 | Our paper "in-toto: providing farm-to-table security properties for bits and bytes" was accepted into USENIX '19 More information about it here |
| 02/13/19 | We've worked alongside with Control Plane to make a test deployment of Kubesec using in-toto. |
| 01/07/19 | We released the first version of the official in-toto Jenkins plugin. This provenance Agent will help you track and sign link metadata for any step within your pipeline in a secure and distributed way. | 10/19/18 | Colin Domoney gave a talk on this year's DevSecCon London. He covered some of the fundamentals of in-toto to protect your cloud native deployment, as well as some other good supply-chain security practices. |
| 05/29/18 | Pacman 5.1 has been released!. This new version adds support for reproducible builds, and includes a security check for tampered git tag metadata. |
| 05/17/18 | A LWN article has been published, covering various supply chain security issues and their solutions, including grafeas, the update framework, and in-toto. |
| 05/02/18 | We presented in-toto along with Grafeas in Kubecon 2018. |
| 04/12/18 | Grafeas mentioned the in-toto integration plans on today's Google Cloud platform blog. | 03/03/18 | Our le-git-imate paper on improving the security of web-based Git repositories has been accepted at ASIACCS 2018! |
| 02/20/18 | We will present an integration of in-toto and Grafeas at KubeCon + CloudNativeCon Europe 2018 on May 2 in Copenhagen, Denmark. |
| 10/17/17 | A fix to our git tag metadata tampering attack paper [USENIX'16] has been included in the master branch of the pacman package manager and will be included in the next release. |
| 08/10/17 | Lukas presented in-toto at Debian's Debconf 2017. You can watch the video of the talk here. |
| 02/06/17 | We presented a demo of in-toto at Dockercon 2017. You can watch the video here. |
| 01/17/17 | A fix to our git tag metadata tampering vulnerability was merged into git's master branch and will be available starting from git v2.12. You can read more about it in our [USENIX'16] paper. |
| 10/14/16 | We presented a demo of in-toto in the Docker Distributed System Summit. You can watch the video here. |
| 10/07/16 | We are live! please check back soon for more updates. |