In-Toto

in-toto Attestation Framework

The in-toto Attestation Framework provides a specification for generating verifiable claims about any aspect of how a piece of software is produced. It defines a fixed lightweight Statement structure with a subject and predicate, and a set of standard predicate types covering common use cases such as SLSA provenance. A future version of the in-toto specification will incorporate this framework as the primary mechanism to express supply chain claims.

Documentation GitHub

API entry from apis.yml

aid: in-toto:in-toto-attestation-framework
name: in-toto Attestation Framework
description: The in-toto Attestation Framework provides a specification for generating verifiable claims
  about any aspect of how a piece of software is produced. It defines a fixed lightweight Statement structure
  with a subject and predicate, and a set of standard predicate types covering common use cases such as
  SLSA provenance. A future version of the in-toto specification will incorporate this framework as the
  primary mechanism to express supply chain claims.
humanURL: https://github.com/in-toto/attestation
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
properties:
- type: Documentation
  url: https://github.com/in-toto/attestation/blob/main/README.md
- type: Reference
  url: https://github.com/in-toto/attestation/tree/main/spec/v1
- type: GitHubRepository
  url: https://github.com/in-toto/attestation
- type: JSONSchema
  url: json-schema/in-toto-attestation-schema.json
- type: JSON-LD
  url: json-ld/in-toto-context.jsonld
tags:
- Attestation
- SLSA
- Specification
- Supply Chain

in-toto Attestation Framework

Documentation

Specifications

SDKs

Schemas & Data

Other Resources

API entry from apis.yml