In-Toto: Attestations and More for Software Supply Chain Security

May 01, 2023 35 min Free

Description

This talk focuses on the in-toto framework and its advancements in securing software supply chains. It highlights the introduction of the in-toto Attestation framework, its integration with systems such as Jenkins and Sigstore, and SLSA's recommendation of its use. The presentation delves into verifying attestations using in-toto layouts and collating attestation types, and it recaps other project activities, including implementation enhancements and usability improvements.