Codifying the SDLC with in-toto

in-toto helps ensure product integrity by making transparent what steps were performed, by whom, and in what order.

Michael Lieberman

April 17, 2025

This post is an excerpt from Securing the Software Supply Chain by Michael Lieberman and Brandon Lum. Download the full e-book for free from Kusari.

in-toto is a Cloud Native Computing Foundation project to define the steps and the expected outcomes in the supply chain. in-toto layouts effectively describe the workflow that must be followed to build, test, and deploy software. It specifies what actors — called “functionaries” in in-toto — are allowed to perform what actions against what inputs. This gives the hypothetical Secure Bank a powerful set of rules by which they enforce that the core steps of the SDLC — like writing code, building software, and publishing packages — happens only on approved systems.

There are multiple implementations of the in-toto specification with varying feature sets and compliance with different parts of the spec. Keep this in mind when choosing which one to use. As of this writing, the most popular are in-toto Python and in-toto Golang. Both can be used for generating the metadata that describes the workflow you want to secure — called “layouts” — as well as running the steps in those layouts.

‍

The key elements of an in-toto layout are:

Owner – This is the identity associated with a key that signs the in-toto layout and who end users would validate against to ensure that the layout is valid and comes from an approved party.
Functionaries – Functionaries are the name of the approved identities that are allowed to perform commands to satisfy an in-toto layout. These functionaries are identified by their public keys.
Expected Commands – These are the commands the layout expects an approved functionary to run for a step in the layout.
Expected Materials – These are the rules around inputs used by an expected command in a step in the layout.
Expected Products – These are the rules around outputs that are generated by an expected command in a step in the layout.
Inspection – These are additional steps the end user consuming the in-toto output can take to verify elements of the supply chain.

‍

With in-toto, the Owner would generate the layout, sign it, and distribute it. The Functionaries would perform the actions using in-toto tooling that generates metadata about input files, what commands were run, and output files produced. This is called “link metadata.” At the end when a user is consuming the final artifact generated as part of a supply chain flow, they would run commands to both validate that the link metadata conforms to the layout as well as run any validation commands that can be used as well.

‍

This trivial example should show how our hypothetical Secure Bank could then turn this into a much more realistic supply chain flow describing the process from source code, to build, to packaging, and finally to deployment. The bank could then set up functionaries for all the systems and actors involved: from the developers writing the source code, to the individual build steps pulling down the code, compiling it, testing it, scanning it, packaging it, and publishing it to the artifact repo. Finally, the deployment processes and systems could verify that the artifact has gone through all the right steps, in the right order, and performed by the right systems and actors.

‍

Using an in-toto layout and verifying it mitigates various classes of attacks. Using in-toto and TUF (described in a previous post) helps secure the supply chain. Secure Bank might use in-toto but be worried about how it can distribute the layouts and changes to the layouts securely. What happens if the layout is compromised? This is where TUF can help. TUF sets up a system for securely providing updates to the layouts and ensuring downstream consumers only use TUF-validated layouts.

Like what you read? Share it with others.

Open Source Summit 2022

Takeaways & Learnings

June 23, 2022

Tim Miller

SPIFFE/SPIRE CSI Driver

Overview of the SPIFFE/SPIRE CSI Driver

June 27, 2022

Parth Patel

Not Just Third Party Risk

There’s a misconception in Cybersecurity among some that Software Supply Chain Security is just Third Party Risk Mana...

Codifying the SDLC with in-toto

Other blog posts

Open Source Summit 2022

SPIFFE/SPIRE CSI Driver

Not Just Third Party Risk

Government Memo for Enhancing the Security of the Software Supply Chain

A High Fidelity View of Software Supply Chain

Kusari presenting at KubeCon and Cloud Native SecurityCon NA 2022

The Next Heartbleed?

Kusari's Software Supply Chain Security Overview

Applying Zero Trust to the Software Supply Chain

Figure Out Who's Lurking in Your Supply Chain With Signatures and Attestations

Kusari Open-Sources Spector

GUAC v0.1 Beta Release

Quest to determine the 'G' in GUAC

daBOM Podcast with Tim & DJ

Announcing Helm Chart for GUAC

Case Study: A discussion with Guidewire on GUAC

Announcing the Kusari YouTube Channel and GUACademy

Terror of cURL - Preparation is Half the Battle

Spooky Enhancements: Unveiling GUAC's OpenVEX Feature

What the NSA Missed in its SBOM Management Recommendations

Contributor to Leader: Securing Open Source Software at OpenSSF

Our $8M Funding Round Fuels our Mission to Make the Software Supply Chain Transparent and Secure

Kusari Soaks up Community at FOSDEM and Beyond

From Open Source Community to Joining a Start-up – while in High School

Unveiling GUAC as an OpenSSF Incubating Project for Software Dependency Management

Graph for Understanding Artifact Composition (GUAC) Joins OpenSSF as Incubating Project

XZ Backdoor: Software Security Lessons

Proactive Security in the Post-Log4j Era

Graph for Understanding Artifact Composition (GUAC) adds persistent storage in v0.6.0 release

Another Turn of the Page: GUAC v0.7.0 Released

Counting CVEs Was Never Enough

Kusari Signs the Secure by Design Pledge

To Fork or Not to Fork

Meeting Federal Software Supply Chain Mandates

Achieving Wisdom with GUAC Visualizer

Announcing GUAC v0.8.0 Enhancements

Why Software Cannot Be Secured by SBOMs Alone

Hack-Proof Artificial Intelligence Supply Chains Using Open Source Security

GUAC Boosts License Transparency

Understanding Prevalence is the First Step

You Can’t Fix Issues if You Can’t Find Them

Introducing the Kusari Platform—know your software

Is Your Supply Chain Haunted by CVEs?

The Path to Zero CVEs: Vanquishing Cyber Threats

Is the Internet on Fire? The State of Open Source Security

The Best Way to Secure Your Open Source Supply Chain is to Participate

Rust Won’t Fix Everything: Moving Toward a Memory-Safe Future

Threat Modeling in the Software Development Life Cycle

Solving the “Bottom Turtle” Problem in Supply Chain Security

Software Supply Chain Security Predictions: Hits & Misses from 2024

AI Alone Won’t Fix Your Supply Chain

Software Supply Chain Security Predictions for 2025

Stick a Pin in It: Managing Dependencies for Supply Chain Security

Alarms Raised by Critical Reverse Backdoor Vulnerability in Medical Devices

Unpacking the Kusari Score

Unpacking the Kusari “Effort to Fix” Capability

Building a Foundation of Trust for a Stronger Software Supply Chain

Analyzing Third-Party Risk in Open Source Software

Addressing Third-Party Risk in Open Source Software

Raising the Bar for Open Source Security: Introducing the OSPS Baseline

Unpacking Kusari Platform Views

Starting the Security Journey: Producing an SBOM

The Next Step in the Security Journey: Comparing SBOMs

Another Step on the Security Journey: A Constellation of SBOMs

The Last Step on the Security Journey: Kusari Platform

Securing Your AI Models

GUAC Now Supports Runtime Kubernetes SBOMs using Kubescape

Securing the Software Supply Chain book now available!

Providing Secure Updates with TUF

The Hidden Risk in Your Software: Understanding Transitive Dependencies

Codifying the SDLC with in-toto

The Hidden Risk in Your Software: Managing Transitive Dependencies

VulnCon 2025 recap

Previous

Next

Want to learn more about Kusari?

Sign up for our newsletter