About in-toto

in-toto is designed to ensure the integrity of a software product from initiation to end-user installation. It does so by making it transparent to the user what steps were performed, by whom and in what order.

To learn more, see What is in-toto and Overview.


The in-toto project is managed by the Linux Foundation under the Cloud Native Computing Foundation. Contributors and maintainers are governed by the CNCF Community Code of Conduct. For details, see Governance.


This research was supported by the US National Science Foundation (NSF), the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of NSF, DARPA and AFRL. The United States Government is authorized to reproduce and distribute reprints notwithstanding any copyright notice herein.