Skip to content

Adoption & Ecosystem

Who uses it

The flagship production deployment is Datadog, documented in the USENIX Security 2019 paper. The remaining adopters and integrations below are listed in the project's own in-toto/friends registry.

OrganisationUse caseSource
DatadogProtects the CI/CD of the agent and its integrations; tag steps signed with a hardware dongle, CI with online keys, distributed alongside TUFUSENIX 2019
Debian / Reproducible Buildsrebuilderd records rebuild results as in-toto links; apt-transport-in-toto verifies k-of-n rebuilder metadata at installreproducible-builds.org, in-toto/friends
Sigstore / cosignSigns in-toto metadata with keyless signing; used in cosign SLSA provenance generationin-toto/friends
Tekton ChainsObserves TaskRuns and generates in-toto attestationsin-toto/friends
GitHubArtifact attestations carry SLSA build provenance and SBOM as in-toto predicate typesin-toto/friends
GUAC / GrafeasGUAC ingests SLSA/in-toto attestations; Grafeas supports in-toto link metadatain-toto/friends
Lockheed MartinListed as an adopting organisation in the friends registryin-toto/friends

Adoption signals

For the Python reference repository (in-toto/in-toto), the GitHub API reported 1,009 stars, 155 forks, and 35 watchers, with the repository created on 2016-05-24 (observed 2026-06-22, GitHub API). These numbers cover only the Python implementation; the wider ecosystem (the specification, the attestation framework, and the Go, Java, and Rust ports) is larger. in-toto reached CNCF Graduated status in 2025, the maturity tier reserved for projects with demonstrated production adoption (CNCF announcement).

Ecosystem

in-toto's attestation framework (ITE-6, in-toto Enhancement 6) defines the statement/subject/predicate envelope that other supply chain tools fill in. SLSA Provenance is expressed as a predicate type on top of this envelope (SLSA v1.1 FAQ). Sigstore provides keyless signing for in-toto metadata, Tekton Chains and GitHub artifact attestations produce it, and GUAC and Grafeas consume and aggregate it (in-toto/friends).

Alternatives

These are layers rather than direct competitors: in-toto is the format and verification model, SLSA is the requirements specification on top, and Sigstore solves signing and transparency. A typical pipeline combines all three.

AlternativeDiffers by
SLSAA requirements spec, not a tool; uses in-toto attestations as the vehicle for provenance and demands signed provenance at L2/L3 (SLSA v1.1 FAQ)
SigstoreSolves key management with short-lived OIDC certificates and the Rekor transparency log; fills in-toto's signing layer rather than replacing it (AquilaX)
TUFProtects the distribution channel against compromise; complementary, and Datadog uses both (USENIX 2019)
Grafeas / GUACMetadata API and attestation aggregation respectively; consume in-toto data rather than generate the chain-of-custody proof (in-toto/friends)