in-toto
A framework that verifies every step of a software supply chain was carried out as planned, by authorized parties, on un-tampered artifacts.
- Category: Supply Chain
- CNCF maturity: Graduated
- Language: Python (>=3.9)
- License: Apache-2.0
- Repository: in-toto/in-toto
- Documented at commit:
a8ce9ee(2026-05-19)
What it is
in-toto protects the integrity of a software supply chain end to end. A project owner writes a signed layout that lists the steps of the chain (tag, build, test, package) and the functionaries authorized to perform each one. When a functionary runs a step, in-toto records what command ran and which files went in and came out into a signed link file. At release time the layout, the links, and the owner's public keys travel with the product, and in-toto-verify checks that the recorded chain matches the planned one (in_toto/in_toto_verify.py:222).
The Python repository documented here is the reference implementation of the in-toto specification. It ships six command line tools (pyproject.toml:50). The specification itself, and ports in Go, Java, and Rust, live in sibling repositories under the same project.
in-toto is a format and a verification model, not a hosted service. It sits below opinionated layers like SLSA (which expresses build provenance as an in-toto attestation) and alongside Sigstore (which solves the signing and transparency problem).
When to use it
- You need cryptographic proof that a released artifact came from the exact sequence of build steps you defined, with no unauthorized step inserted.
- You want to bind separate CI stages (source, build, package) to specific signing keys and enforce that the output of one stage is the input of the next.
- You are producing or consuming SLSA provenance and want the underlying envelope and verification logic.
- It is a poor fit when you only need to sign a single artifact with no notion of a multi-step chain: a plain Sigstore or GPG signature is simpler.
- It does not manage key distribution or revocation; pair it with TUF or Sigstore for that.
In this deep-dive
- History: origin, milestones, and why it exists.
- Architecture: components and how requests flow.
- Adoption & Ecosystem: who runs it and what surrounds it.
- Internals: the code paths that matter, read from source.
- Getting Started: install and a first working setup.
Sources
- in-toto/in-toto repository
- GitHub API: in-toto/in-toto metadata
- CNCF project page: in-toto
- CNCF: in-toto moves to the Incubator (2022)
- CNCF Announces Graduation of in-toto (2025-04-23)
- InfoQ: CNCF Graduates in-toto
- NYU CCS: in-toto graduates from CNCF
- Sbomify: What Is in-toto?
- USENIX Security 2019: in-toto farm-to-table guarantees
- in-toto/friends: integrations and adopters
- reproducible-builds.org tools
- AquilaX: in-toto vs SLSA vs Sigstore
- SLSA v1.1 FAQ