InfoQ: “Software Supply Chain Security Project in-toto Accepted into CNCF Incubator”

The CNCF Technical Oversight Committee (TOC) has accepted the in-toto project as a CNCF incubating project. The in-toto project aims to cryptographically protect the entire software build and delivery process – the “supply chain” – from malicious actors.