-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #11 from DarikshaAnsari/patch-newpages
Added New pages
- Loading branch information
Showing
15 changed files
with
135 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| --- | ||
| title: in-toto demo | ||
| linkTitle: Demo | ||
| weight: 8 | ||
| --- | ||
|
|
||
| In this demo, we will use in-toto to secure a software supply chain with a very | ||
| simple workflow. Bob is a developer for a project, Carl packages the software, | ||
| and Alice oversees the project. Using in-toto's terminology: | ||
|
|
||
| - **Alice** is the project owner - she creates and signs the software supply | ||
| chain layout with her private key. | ||
| - **Bob** and **Carl** are project functionaries - they carry out the steps of | ||
| the software supply chain as defined in the layout. | ||
|
|
||
| For the sake of demonstrating in-toto, you will perform all parts of the | ||
| software supply chain. This means you will execute commands on behalf of Alice, | ||
| Bob, and Carl, as well as the client who verifies the final product. | ||
|
|
||
| For further steps, please refer to the | ||
| [demo](https://github.com/in-toto/demo/blob/main/README.md). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| --- | ||
| title: in-toto Ecosystem | ||
| linkTitle: Ecosystem | ||
| description: Ecosystem of in-toto adopters and integrations. | ||
| cascade: { type: docs } | ||
| menu: { main: { weight: 20 } } | ||
| --- |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| --- | ||
| title: Adopters | ||
| description: Projects and organizations using in-toto. | ||
| --- | ||
|
|
||
| This section lists organizations or individuals who have adopted the project and | ||
| are using it in their workflows or systems. These adopters contribute to the | ||
| project's ecosystem and showcase its real-world usage across various domains. | ||
|
|
||
| | Organization | | Description | | ||
| | ------------ | ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | ||
| | Datadog | <img src="img/Datadog_logo.png" width="50" height="50"> | Datadog uses in-toto to secure its agent integrations as they move through the company's CI/CD system. | | ||
| | OpenVEX | <img src="img/OpenVEX_logo.png" width="50" height="50"> | OpenVEX documents are designed to be self-sustaining, but the specification is designed to benefit from the in-toto attestation format completing VEX statements with data outside of the OpenVEX predicate. | | ||
| | SLSA | <img src="img/SLSA_logo.svg" width="50" height="50"> | Supply chain Levels for Software Artifacts, or SLSA, is a framework that provides a series of requirements and controls. | | ||
| | SolarWinds | <img src="img/Solarwinds_Logo.png" width="50" height="50"> | SolarWinds is an American company that provides information technology services and software to other companies and government agencies. | |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
61 changes: 61 additions & 0 deletions
61
content/en/ecosystem/integreations/img/Testifysec_logo.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| --- | ||
| title: Integrations | ||
| description: Projects and products with in-toto integrations. | ||
| --- | ||
|
|
||
| This section lists software systems, services, or platforms that integrate with | ||
| the project to provide additional functionality, interoperability, or | ||
| compatibility. These integrations enhance the project's capabilities and extend | ||
| its usefulness across various ecosystems. | ||
|
|
||
| | Organization | | Description | | ||
| | ------------- | ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | GitLab | <img src="img/Gitlab_logo.png" width="50" height="50"> | GitLab is a popular Git server that also provides CI/CD integrations. | | ||
| | Grafeas | <img src="img/Grafeas_logo.png" width="50" height="50"> | Grafeas is an open source metadata API that is used to store metadata relevant to software supply chains. Grafeas includes support for in-toto link metadata. | | ||
| | GUAC | <img src="img/Guac_logo.png" width="50" height="50"> | GUAC has the ability to ingest and parse SLSA and other in-toto ITE6 attestations (either wrapped in DSSE or standalone). | | ||
| | Hoppr | | Hoppr leverages the in-toto python package to generate in-toto layout files based on a hoppr transfer configuration. | | ||
| | Jenkins | <img src="img/Jenkins_logo.png" width="50" height="50"> | The in-toto team maintains a plugin for Jenkins that can be used to generate in-toto metadata pertaining to a particular build or "job". | | ||
| | rebuilderd | | Rebuilderd is a build system project part of Reproducible Builds. When the result of a rebuild is positive, i.e., the build process is found to be reproducible, rebuilderd generates an in-toto link recording this result. | | ||
| | Sigstore | <img src="img/Sistore_logo.png" width="50" height="50"> | In-toto and Sigstore are complementary in their efforts, and Sigstore integrates in-toto in a number of ways. Sigstore's keyless signing can be used to sign in-toto metadata, as demonstrated by Cosign's SLSA Provenance generation. | | ||
| | Tekton Chains | <img src="img/Tekton_logo.png" width="50" height="50"> | Tekton Chains is a component for Tekton that adds software supply chain security. Chains observes all "TaskRuns" or jobs that are executed, and generates an in-toto attestation. | | ||
| | TestifySec | <img src="img/Testifysec_logo.svg" width="50" height="50"> | TestifySec is a software supply chain security company that has created two open source projects that leverage in-toto. Witness and Archivista. | |