In-Toto

in-toto Go Implementation

A Go implementation of the in-toto specification that enables supply chain integrity verification in Go-based build and deployment pipelines. It provides the same core functionality as the Python reference implementation including generating link metadata, creating layouts, and verifying supply chains. It supports ITE-7 for X.509-based signing via SPIFFE/SPIRE integration.

GitHub

Documentation

📖
Documentation
https://pkg.go.dev/github.com/in-toto/in-toto-golang

SDKs

📦
GitHubRepository
https://github.com/in-toto/in-toto-golang

API entry from apis.yml

apis.yml Raw ↑ 
aid: in-toto:in-toto-golang
name: in-toto Go Implementation
description: A Go implementation of the in-toto specification that enables supply chain integrity verification
  in Go-based build and deployment pipelines. It provides the same core functionality as the Python reference
  implementation including generating link metadata, creating layouts, and verifying supply chains. It
  supports ITE-7 for X.509-based signing via SPIFFE/SPIRE integration.
humanURL: https://github.com/in-toto/in-toto-golang
image: https://kinlane-productions2.s3.amazonaws.com/apis-json/apis-json-logo.jpg
properties:
- type: Documentation
  url: https://pkg.go.dev/github.com/in-toto/in-toto-golang
- type: GitHubRepository
  url: https://github.com/in-toto/in-toto-golang
tags:
- Go
- Implementation
- SDK
- Supply Chain