gittuf

gittuf is a platform-agnostic Git security system. The maintainers of a Git repository can use gittuf to protect the contents of a Git repository from unauthorized or malicious changes. Most significantly, gittuf's policy controls and enforcement are not tied to the source control platform (SCP) or "forge" that hosts the repository, meaning any developer can independently verify that a repository's changes followed the expected security policies. In other words, gittuf removes the forge as a single point of trust in the software supply chain.

gittuf is an incubating project at the Open Source Security Foundation (OpenSSF) as part of the Supply Chain Integrity Working Group.