Specification and other related documents.
- You can read the current version of the specification here.
- The latest stable version (1.0) is here.
The documentation can be generated into a printable PDF by compiling the markdown file.
make pdf
There are a couple of repositories within this organization that you can use to play around and better understand in-toto. Here's a list of them along with a brief description.
- demo: This is a very basic dummy supply chain example to help you understand the in-toto python toolchain. We recommend getting started here.
- kubectl-in-toto: Inside of this repository, you will find a demo to test a kubectl in-toto plugin to scan containers in your kubernetes deployment against in-toto metadata.
- demo OpenSUSE: This repository uses the OpenSUSE build toolchain to exemplify how in-toto could be integrated inside of OpenSUSE-based distros.
- totoify-grafeas: This repository provides an interface that converts standard in-toto links into Grafeas occurrences, and back for use in an in-toto verification workflow.
- layout-web-tool: The layout-web-tool is a simple Flask-based web app that walks users through creating an in-toto layout.
Along with this Docs repository, the in-toto enhancements (ITE) repository contains information about features, recommendations and other extensions that are not part of the core specification