In-Toto Graduates to CNCF: Securing the Software Supply Chain with Ease


What Is in-toto and How Does It Protect the Software Supply Chain?

Software supply chain attacks, like those seen in recent years – 3CX, Codecov, and SolarWinds – have highlighted the fragility of traditional development pipelines. In response, the open-source community developed in-toto, a framework to ensure integrity at every step of software delivery. In-toto creates a verifiable record of the entire software development lifecycle – from initial coding to final deployment – ensuring each step is executed by authorized entities in the correct order. By attaching cryptographic signatures and metadata (“attestations”) to each phase of the build process, in-toto makes it nearly impossible for an attacker to slip in malicious changes unnoticed. This comprehensive approach prevents tampering, catches unauthorized modifications, and proves the provenance of every component in your software, greatly reducing the risk of costly breaches.

Key benefits of in-toto include:

  • End-to-End Integrity: Every action in the CI/CD pipeline is signed and logged, so you can verify that only trusted processes performed each step. If anything in the chain is altered or out of order, in-toto will detect it. 
  • Tamper Resistance: In-toto’s attestations ensure that if a build artifact or component was tampered with, you have cryptographic evidence of the mismatch, thwarting supply chain attacks before they reach users. 
  • Compliance and Transparency: By recording who did what (and when), in-toto strengthens compliance with evolving cybersecurity standards and regulations. It aligns with initiatives like software bills of materials (SBOMs) and frameworks such as SLSA (Supply-chain Levels for Software Artifacts) that demand greater supply chain transparency. 
  • Trust and Reliability: With in-toto, organizations can prove the integrity of their software to customers and auditors. Each release comes with evidence that it was built in a secure, trusted manner, increasing confidence in its reliability. 

In practice, adopting in-toto means inserting security checks throughout your development process. For example, a build step would generate a signed “link” file attesting to the inputs (source code, dependencies) and outputs (images, containers, binaries) of that step. Downstream steps verify those links before proceeding. This way, if an attacker tries to inject malicious code or use an unapproved component, the missing or invalid signature can stop the pipeline. The result is a chain of custody for software – much like tracking ingredients in a recipe – that ensures nothing unknown or unauthorized gets baked into your final product.

In-toto: From Academic Project to Cutting-Edge Framework

On April 23, 2025, in-toto reached a major milestone: the Cloud Native Computing Foundation (CNCF) announced in-toto’s graduation to the highest maturity level as an open-source project. CNCF Graduation status is reserved for projects that have proven their stability, adoption, and community support. In-toto’s journey began as a research project at NYU Tandon School of Engineering, and it has now “evolved into an industry standard” for supply chain security. According to Justin Cappos, the NYU professor who helped create in-toto, this achievement validates in-toto’s pioneering approach to software security and demonstrates its real-world impact in combating modern threats.

So what makes in-toto a cutting-edge, mature framework today? First, it has strong backing and broad adoption. In-toto is already used in production by companies like SolarWinds, and it’s integrated into industry standards such as OpenVEX and Google’s SLSA framework. In fact, in-toto’s specification reached version 1.0 in 2023, reflecting community consensus on its stability. The framework has also benefited from support by major research agencies (including the NSF and DARPA), ensuring ongoing innovation.

With software supply chain attacks on the rise, the timing of in-toto’s maturity is ideal. “As software supply chain threats grow in scale and complexity, in-toto enables organizations to confidently verify their development workflows, reducing risk, enabling compliance, and ultimately accelerating secure innovation,” said Chris Aniszczyk, CTO of CNCF. In-toto’s graduation signals that the framework is battle-tested and ready for prime time. For CISOs and DevSecOps leaders, it means there’s now a proven, community-vetted solution to implement zero-trust principles in the development pipeline. The next question is: how do you adopt in-toto in your organization efficiently and frictionlessly?

Frictionless In-Toto Implementation with ScribeHub and Valint

While in-toto provides the blueprint for supply chain security, implementing it from scratch can be complex. Organizations would need to instrument their CI/CD pipelines to generate and verify cryptographic attestations at each step, manage cryptographic keys or use Sigstore, store all the metadata, define policy rules, and integrate failure gates – all without slowing down developers. The best solution to achieve this seamlessly is to use a platform built for the job. Scribe Security’s “ScribeHub” platform, together with its Valint tool, offers a frictionless way to embed in-toto principles into your SDLC.

ScribeHub is a comprehensive software supply chain security platform that automates integrity and compliance checks across the entire software factory – from development through deployment. It employs a secure-by-design, zero-trust approach: automating machine-readable attestations and applying “guardrails-as-code” gates throughout the pipeline. In essence, ScribeHub integrates with your development tools and cloud environment to continuously record evidence of what’s happening in each build, and to enforce security policies without manual intervention. Importantly, Scribe’s approach is built to minimize friction with development teams. By baking security into the pipeline (rather than adding out-of-band reviews or extra steps for developers), ScribeHub ensures security is continuous and transparent. Developers can keep their fast agile pace, while Scribe works behind the scenes to catch anomalies and ensure every release is trustworthy.

At the heart of this is Valint – Scribe Security’s Validation Integrity tool. Valint is a powerful CLI and policy engine that provides organizations with a way to enforce security policies “using the simple concept of signing and verifying data.” In fact, Valint stands for Validation + Integrity, and it generates and checks the cryptographic evidence needed to prove your software’s integrity. It can produce and verify attestations (digital evidence) for all kinds of software artifacts: directories of source code, individual files, container images, even entire Git repositories. You can run Valint as a standalone CLI in your CI pipeline or use it as part of the integrated ScribeHub service. Either way, it brings the core idea of in-toto – signed verifiable supply chain metadata – into practice in a convenient form.

Under the hood, Valint leverages the best of modern supply-chain security tech. The latest release of Valint builds on frameworks like SLSA for provenance, OPA for policy enforcement, Sigstore for keyless signing, and uses OCI registries for storing attestations. In other words, Scribe has assembled an arsenal of open standards to ensure that the attestations and checks in your pipeline are robust and interoperable. For example, Scribe’s platform can automatically perform continuous code signing and provenance tracking using in-toto attestations – all of which help thwart tampering attacks before they impact your software.

So how does this work in a real CI/CD pipeline? ScribeHub integrates directly with your build system (whether it’s Jenkins, GitHub Actions, GitLab, etc.) to capture signed, machine-verifiable attestations at every stage of development. From the moment a developer commits code, Scribe’s Valint tool can record a signed statement of that commit. As the code moves through build, test, and deployment stages, each step generates its own attestation (for instance, “Build completed with these inputs, producing this artifact, at this time, by this process, signed by key X”). These attestations are stored in a tamper-proof way (e.g. an OCI artifact registry or Scribe’s evidence store) for later auditing. More importantly, they are immediately validated against your security policies. ScribeHub allows security teams to define policies (as code) that describe the expected conditions of the pipeline – for example, “All artifacts must be signed by our build service,” or “No container may be deployed if it contains critical vulnerabilities that are publicly known to be exploitable (KEV).” These policies are enforced in real time. As each attestation or SBOM is generated, Valint verifies it, and ScribeHub’s policy engine (powered by OPA) checks for compliance.

If everything looks good, the pipeline proceeds without interruption. If a violation is found, ScribeHub can “gate” the release by halting the pipeline or flagging the issue for review. For instance, if an expected signature or build attestation is missing, or if an artifact’s hash doesn’t match what it should be, Scribe will catch it before that build is promoted. These automated guardrails act as quality gates: a missing or incorrect attestation is treated as a failed check, so the risky build never makes it to production. In practice, this might mean a failed build job with a clear error message, or a JIRA ticket automatically created for the security team, depending on how you configure the response. This approach ensures that software supply chain policy is automatically enforced by code, not by after-the-fact manual reviews. As Scribe’s CEO puts it, “You can’t rely on people to remember policies when they’re shipping 10 builds a day… The rules need to be baked into the process and enforced by the pipeline”.
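The link-and-verify flow described in the first section (each step signs hashes of its inputs and outputs) and the gate described above (a missing attestation, wrong signer or hash mismatch fails the check), sketched as an added example; this is not in-toto's or Scribe's code. HMAC-SHA256 stands in for the public-key signatures in-toto uses, and the key names, step names and `LAYOUT` structure are hypothetical.

```python
import hashlib, hmac, json

# Constructed demo keys; HMAC-SHA256 stands in for in-toto's public-key signatures.
KEYS = {"dev": b"dev-demo-key", "build-service": b"build-demo-key"}
# Hypothetical layout: expected steps, in order, and who may sign each one.
LAYOUT = [("commit", "dev"), ("build", "build-service")]

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _sign(body: dict, key: bytes) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def make_link(step, signer, materials, products):
    """Sign the hashes of a step's inputs (materials) and outputs (products)."""
    body = {"step": step, "signer": signer,
            "materials": {p: digest(d) for p, d in materials.items()},
            "products": {p: digest(d) for p, d in products.items()}}
    return {"body": body, "sig": _sign(body, KEYS[signer])}

def verify_chain(links, artifact_name, artifact):
    """Return the list of violations; an empty list means the gate passes."""
    violations, prev = [], None
    by_step = {link["body"]["step"]: link for link in links}
    for step, allowed in LAYOUT:
        link = by_step.get(step)
        if link is None:
            violations.append(f"{step}: attestation missing")
            prev = None
            continue
        body = link["body"]
        if body["signer"] != allowed:
            violations.append(f"{step}: signer '{body['signer']}' not authorized")
        elif not hmac.compare_digest(link["sig"], _sign(body, KEYS[allowed])):
            violations.append(f"{step}: signature invalid")
        # Each input must hash to what the previous step recorded as output.
        for path, h in body["materials"].items():
            if prev is not None and prev["products"].get(path) != h:
                violations.append(f"{step}: material '{path}' differs from previous step")
        prev = body
    if prev is None or prev["products"].get(artifact_name) != digest(artifact):
        violations.append(f"{artifact_name}: hash does not match final attestation")
    return violations

if __name__ == "__main__":  # constructed sample run
    src, image = b"print('hi')\n", b"constructed image bytes"
    links = [make_link("commit", "dev", {}, {"app.py": src}),
             make_link("build", "build-service", {"app.py": src}, {"app.img": image})]
    print(verify_chain(links, "app.img", image) or "gate: pass")
```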

By integrating in-toto’s attestations and automated policy checks, ScribeHub essentially provides an immune system for your SDLC. It verifies the integrity and provenance of every component, and it gates any violations that could lead to a software supply chain compromise. For example, if malware somehow made its way into a dependency or a developer’s credentials were hijacked to sign a malicious build, the abnormal evidence (or lack of expected evidence) would trigger Scribe’s controls, stopping the release and alerting your team. This gives CISOs, product security leaders, and DevSecOps practitioners peace of mind that only vetted, secure code is deployed, without having to personally inspect every change. And thanks to the automation and integration, all of this happens with minimal drag on your development velocity – security is embedded but not obstructive.

Ready to See Real Product Security in Action?

In-toto’s graduation and the emergence of tools like ScribeHub signal that real product security – the kind that provides end-to-end supply chain integrity – is no longer a distant ideal but an achievable goal today. Forward-thinking CISOs, product security leads, and DevSecOps practitioners are already leveraging these solutions to protect their organizations and comply with new regulations. If you’re interested in fortifying your software factory without piling on developer friction, we invite you to reach out to Scribe Security for a demo. See for yourself how in-toto’s principles, implemented through ScribeHub and Valint, can transform your SDLC into a tamper-proof, transparent, and compliant process. Contact us to explore a live demo and take the next step towards a truly secure and trusted software supply chain. Your developers can keep innovating at full speed – and you’ll sleep easier knowing that every build is guarded by the cutting edge of supply chain security. We’d love to show you how it works!

This content is brought to you by Scribe Security, a leading end-to-end software supply chain security solution provider – delivering state-of-the-art security to code artifacts and code development and delivery processes throughout the software supply chains.