in-toto provides a framework to protect the integrity of the software supply chain, securing software products from initiation to end-user installation. It specifies which steps of the software supply chain should be performed, by whom, and in what order. in-toto requires the project owner to create a layout that lists the sequence of steps in the software supply chain and who is authorized to perform those steps. When a worker executes a step, information about the commands used and the associated files is collected and stored in a link metadata file. These link files provide the evidence needed to establish a continuous chain that can…
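
The layout-and-link model described above can be sketched as a small verifier. This is an added example, not in-toto's own code or metadata format: the schema, the names `alice` and `bob`, and the use of HMAC in place of in-toto's public-key signatures are all assumptions made for illustration.

```python
import hashlib, hmac, json

# Constructed demo keys. HMAC secrets stand in for in-toto's public-key signatures.
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
# Simplified layout (hypothetical schema): ordered steps and who may perform each.
LAYOUT = [{"name": "clone", "authorized": ["alice"]},
          {"name": "build", "authorized": ["bob"]}]

def digest(data):
    return hashlib.sha256(data).hexdigest()

def _sign(link):
    body = {k: link[k] for k in ("step", "command", "materials", "products")}
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[link["signer"]], msg, "sha256").hexdigest()

def make_link(step, signer, command, materials, products):
    """Record one executed step: the command plus hashes of input and output files."""
    link = {"step": step, "signer": signer, "command": command,
            "materials": materials, "products": products}
    link["sig"] = _sign(link)
    return link

def verify_chain(layout, links):
    """Return a list of violations; an empty list means the chain is unbroken."""
    errors, previous = [], None
    by_step = {link["step"]: link for link in links}
    for step in layout:
        name, link = step["name"], by_step.get(step["name"])
        if link is None:
            errors.append(f"{name}: no link metadata")
            previous = None
            continue
        if link["signer"] not in step["authorized"]:
            errors.append(f"{name}: {link['signer']} is not authorized")
        elif not hmac.compare_digest(link["sig"], _sign(link)):
            errors.append(f"{name}: bad signature")
        # The files a step consumed must be exactly what the previous step produced.
        if previous is not None and link["materials"] != previous:
            errors.append(f"{name}: materials differ from previous step's products")
        previous = link["products"]
    return errors

# Constructed sample run: alice clones the source, bob builds it.
SRC = {"main.c": digest(b"int main(void) { return 0; }")}
CLONE = make_link("clone", "alice", ["git", "clone", "<repo-url>"], {}, SRC)
BUILD = make_link("build", "bob", ["make"], SRC, {"app": digest(b"demo binary")})

if __name__ == "__main__":
    print(verify_chain(LAYOUT, [CLONE, BUILD]))  # intact chain
    swapped = make_link("build", "bob", ["make"], {"main.c": digest(b"x")}, {})
    print(verify_chain(LAYOUT, [CLONE, swapped]))  # source changed between steps
```

The verifier reports a missing step, an unauthorized signer, a link altered after signing, and a mismatch between one step's products and the next step's materials as separate violations.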
