I am currently working with an application called in-toto, which is a security vulnerability tool. I have successfully set it up on my local laptop and run the initial commands.
Now, I have several private repositories hosted on GitHub, with over 30 users working on these repositories locally. I want to integrate in-toto verification into these repositories to enhance our security measures.
Details:
Environment: Windows 11 Enterprise
Tools Installed: Git Bash, Visual Studio Code, Microsoft Edge, etc.
Repositories: Private, hosted on GitHub
Users: 30+ working locally
What I’ve Done So Far:
Set up in-toto on my local machine.
Run initial commands to verify the setup.
in-toto run ……
in-toto verify ……
What I Need Help With:
How to integrate in-toto verification with our private GitHub repositories.
Best practices for setting up in-toto in a multi-user environment.
Any examples or documentation that could guide me through this process.
How to automate the entire in-toto run and verify commands.
How to configure this in GitHub Actions.