Source: https://in-toto.io/

in-toto tackles a part of the software delivery process that has become critical. Its main purpose is to protect the integrity of the software supply chain, which it does by proving the integrity of each artifact at each delivery step. It is designed as an open metadata framework, so you can integrate it into your CI/CD pipeline without being bound to any specific tooling.

in-toto is listed on the CNCF Sandbox Project page; however, we couldn't find an official request at the CNCF TOC.

Links