Framework to secure integrity of software supply chains
A framework to secure the integrity of software supply chains https://in-toto.io/
-h, --help help for in-toto
- in-toto completion - Generate completion script
- in-toto gendoc - Generate in-toto-golang's help docs
- in-toto key - Key management commands
- in-toto match-products - Check if local artifacts match products in passed link
- in-toto record - Creates a signed link metadata file in two steps, in order to provide evidence for supply chain steps that cannot be carried out by a single command
- in-toto run - Executes the passed command and records paths and hashes of 'materials'
- in-toto sign - Provides command line interface to sign in-toto link or layout metadata
- in-toto verify - Verify that the software supply chain of the delivered product