Awesome

in-toto Enhancements (ITEs)

Accepted

• ITE-1: in-toto Enhancement Format
• ITE-2: A general overview of combining TUF and in-toto to build compromise-resilient CI/CD
• ITE-3: Real-world example of combining TUF and in-toto for packaging Datadog Agent integrations
• ITE-4: Generic URI Schemes for in-toto
• ITE-5: Disassociate signature envelope specification from in-toto
• ITE-6: Enabling contextual in-toto attestations
• ITE-9: Introducing new in-toto Attestation types

Draft

• ITE-7: Signing & Verification With X509
• ITE-10: Supporting Contextual in-toto Attestations in Layouts
• ITE-11: Verifying Attributes in in-toto Attestations

License

This project is developed under the Apache license.

Acknowledgements

This project is managed by Prof. Santiago Torres-Arias at Purdue University. It is worked on by many folks in academia and industry, including members of the Secure Systems Lab at NYU, and the NJIT Cybersecurity Research Center.

This research was supported by the Defense Advanced Research Projects Agency (DARPA), the Air Force Research Laboratory (AFRL), and the US National Science Foundation (NSF). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of DARPA, AFRL, and NSF. The United States government is authorized to reproduce and distribute reprints notwithstanding any copyright notice herein.