{"id":38127,"name":"in-toto","description":"in-toto is a framework to protect supply chain integrity.","url":"https://github.com/in-toto/in-toto","last_synced_at":"2025-09-05T07:42:05.419Z","repository":{"id":11631157,"uuid":"59531400","full_name":"in-toto/in-toto","owner":"in-toto","description":"in-toto is a framework to protect supply chain integrity.","archived":false,"fork":false,"pushed_at":"2025-05-20T09:39:59.000Z","size":3221,"stargazers_count":925,"open_issues_count":48,"forks_count":143,"subscribers_count":36,"default_branch":"develop","last_synced_at":"2025-05-20T21:12:30.503Z","etag":null,"topics":["new-york-university","secure-systems-lab","security","supply-chain"],"latest_commit_sha":null,"homepage":"https://in-toto.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/in-toto.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.bib","codeowners":null,"security":"SECURITY.md","support":null,"governance":"GOVERNANCE.md","roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-05-24T01:46:38.000Z","updated_at":"2025-05-19T06:52:29.000Z","dependencies_parsed_at":"2023-10-03T07:49:16.393Z","dependency_job_id":"f2c76331-68d0-4590-8251-09d55c3dac1c","html_url":"https://github.com/in-toto/in-toto","commit_stats":{"total_commits":1491,"total_committers":40,"mean_commits":37.275,"dds":"0.49362843729040917","last_synced_commit":"fe5ec9a4fc6eefeae9df2ab424ffeedce190c16d"},"previous_names":[],"tags_count":40,"template":false,"template_full_name":null,"purl":"pkg:github/in-toto/in-toto","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/in-toto","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/sbom","scorecard":{"id":486690,"data":{"date":"2025-08-11","repo":{"name":"github.com/in-toto/in-toto","commit":"d8fa07f5c3c3e052319b1a9b0c06408cdf5b5185"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.9,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/cd.yml:51","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/cd.yml:92","Info: found token with 'none' permissions: .github/workflows/_test.yml:1","Info: found token with 'none' permissions: .github/workflows/cd.yml:1","Info: found token with 'none' permissions: .github/workflows/ci.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":4,"reason":"dependency not pinned by hash detected -- score normalized to 4","details":["Warn: pipCommand not pinned by hash: .github/workflows/_test.yml:44","Warn: pipCommand not pinned by hash: .github/workflows/_test.yml:45","Warn: pipCommand not pinned by hash: .github/workflows/cd.yml:33","Info:   9 out of   9 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":10,"reason":"badge detected: Gold","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":3,"reason":"2 out of the last 5 releases have a total of 2 signed artifacts.","details":["Warn: release artifact v3.0.0 not signed: https://api.github.com/repos/in-toto/in-toto/releases/155717527","Warn: release artifact v2.3.0 not signed: https://api.github.com/repos/in-toto/in-toto/releases/150638471","Warn: release artifact v2.2.0 not signed: https://api.github.com/repos/in-toto/in-toto/releases/136679632","Info: signed release artifact: in_toto-2.1.1-py3-none-any.whl.asc: https://github.com/in-toto/in-toto/releases/tag/v2.1.1","Info: signed release artifact: in_toto-2.1.0-py3-none-any.whl.asc: https://github.com/in-toto/in-toto/releases/tag/v2.1.0","Warn: release artifact v3.0.0 does not have provenance: https://api.github.com/repos/in-toto/in-toto/releases/155717527","Warn: release artifact v2.3.0 does not have provenance: https://api.github.com/repos/in-toto/in-toto/releases/150638471","Warn: release artifact v2.2.0 does not have provenance: https://api.github.com/repos/in-toto/in-toto/releases/136679632","Warn: release artifact v2.1.1 does not have provenance: https://api.github.com/repos/in-toto/in-toto/releases/121012809","Warn: release artifact v2.1.0 does not have provenance: https://api.github.com/repos/in-toto/in-toto/releases/120315937"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'develop'","Info: 'force pushes' disabled on branch 'develop'","Warn: required approving review count is 1 on branch 'develop'","Warn: codeowners review is not required on branch 'develop'","Info: status check found to merge onto on branch 'develop'","Info: PRs are required in order to make changes on branch 'develop'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T17:59:46.902Z","repository_id":11631157,"created_at":"2025-08-19T17:59:46.903Z","updated_at":"2025-08-19T17:59:46.903Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273728004,"owners_count":25157134,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-05T02:00:09.113Z","response_time":402,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"owner":{"login":"in-toto","name":"in-toto","uuid":"22891761","kind":"organization","description":"A framework to protect software supply chain integrity","email":null,"website":"https://in-toto.io/","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/22891761?v=4","repositories_count":41,"last_synced_at":"2024-04-30T15:41:53.687Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/in-toto","funding_links":[],"total_stars":1868,"followers":118,"following":0,"created_at":"2022-11-06T11:20:28.402Z","updated_at":"2024-04-30T15:42:02.554Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/in-toto","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/in-toto/repositories"},"packages":[{"id":8626311,"name":"github.com/in-toto/in-toto","ecosystem":"go","description":null,"homepage":null,"licenses":"other","normalized_licenses":["GPL-1.0+"],"repository_url":"https://github.com/in-toto/in-toto","keywords_array":[],"namespace":null,"versions_count":21,"first_release_published_at":"2018-10-09T16:39:38.000Z","latest_release_published_at":"2024-05-14T14:48:49.000Z","latest_release_number":"v3.0.0+incompatible","last_synced_at":"2025-08-25T06:05:15.753Z","created_at":"2023-12-07T07:23:50.277Z","updated_at":"2025-08-25T06:05:15.753Z","registry_url":"https://pkg.go.dev/github.com/in-toto/in-toto","install_command":"go get github.com/in-toto/in-toto","documentation_url":"https://pkg.go.dev/github.com/in-toto/in-toto#section-documentation","metadata":{},"repo_metadata":{"uuid":"59531400","full_name":"in-toto/in-toto","owner":"in-toto","description":"in-toto is a framework to protect supply chain integrity.","archived":false,"fork":false,"pushed_at":"2023-10-25T11:52:05.000Z","size":2707,"stargazers_count":773,"open_issues_count":49,"forks_count":131,"subscribers_count":40,"default_branch":"develop","last_synced_at":"2023-10-27T06:30:15.797Z","etag":null,"topics":["new-york-university","secure-systems-lab","security","supply-chain"],"latest_commit_sha":null,"homepage":"https://in-toto.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/in-toto.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.bib","codeowners":null,"security":"SECURITY.md","support":null,"governance":null}},"created_at":"2016-05-24T01:46:38.000Z","updated_at":"2023-11-08T16:37:47.322Z","dependencies_parsed_at":"2023-10-03T07:49:16.393Z","dependency_job_id":"f2c76331-68d0-4590-8251-09d55c3dac1c","html_url":"https://github.com/in-toto/in-toto","commit_stats":{"total_commits":1491,"total_committers":40,"mean_commits":37.275,"dds":"0.49362843729040917","last_synced_commit":"fe5ec9a4fc6eefeae9df2ab424ffeedce190c16d"},"previous_names":[],"tags_count":37,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/in-toto","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":175081359,"owners_count":10208788,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"repo_metadata_updated_at":"2023-12-07T07:23:59.005Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":10.770953742775434,"dependent_packages_count":9.552826830390176,"stargazers_count":2.240665560066396,"forks_count":2.3780573165610064,"docker_downloads_count":null,"average":6.235625862448253},"purl":"pkg:golang/github.com/in-toto/in-toto","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/in-toto/in-toto","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/in-toto/in-toto","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/in-toto/in-toto/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2023-11-27T07:40:12.148Z","issues_count":35,"pull_requests_count":124,"avg_time_to_close_issue":22546641.05263158,"avg_time_to_close_pull_request":6580396.3771929825,"issues_closed_count":19,"pull_requests_closed_count":114,"pull_request_authors_count":20,"issue_authors_count":10,"avg_comments_per_issue":4.3428571428571425,"avg_comments_per_pull_request":1.6774193548387097,"merged_pull_requests_count":92,"bot_issues_count":0,"bot_pull_requests_count":44,"past_year_issues_count":24,"past_year_pull_requests_count":108,"past_year_avg_time_to_close_issue":5748554.285714285,"past_year_avg_time_to_close_pull_request":922629.6868686868,"past_year_issues_closed_count":14,"past_year_pull_requests_closed_count":99,"past_year_pull_request_authors_count":14,"past_year_issue_authors_count":6,"past_year_avg_comments_per_issue":2.7916666666666665,"past_year_avg_comments_per_pull_request":1.1018518518518519,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":42,"past_year_merged_pull_requests_count":84,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/issues"},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fin-toto%2Fin-toto/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fin-toto%2Fin-toto/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fin-toto%2Fin-toto/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fin-toto%2Fin-toto/related_packages","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":1951546,"maintainers_count":0,"namespaces_count":741275,"keywords_count":109185,"github":"golang","metadata":{"funded_packages_count":49011},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2025-09-05T05:14:06.439Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},{"id":2768397,"name":"in-toto","ecosystem":"pypi","description":"A framework to define and secure the integrity of software supply chains","homepage":"https://in-toto.io","licenses":"Apache Software License","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/in-toto/in-toto","keywords_array":["security","software","supply chain"],"namespace":null,"versions_count":30,"first_release_published_at":"2017-11-09T19:45:48.000Z","latest_release_published_at":"2024-05-14T15:07:52.000Z","latest_release_number":"3.0.0","last_synced_at":"2025-08-06T20:07:54.086Z","created_at":"2022-04-10T11:19:27.023Z","updated_at":"2025-08-06T20:07:54.086Z","registry_url":"https://pypi.org/project/in-toto/","install_command":"pip install in-toto --index-url https://pypi.org/simple","documentation_url":"https://in-toto.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 5 - Production/Stable","Intended Audience :: Developers","License :: OSI Approved :: Apache Software License","Natural Language :: English","Operating System :: MacOS :: MacOS X","Operating System :: POSIX","Operating System :: POSIX :: Linux","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3.10","Programming Language :: Python :: 3.11","Programming Language :: Python :: 3.8","Programming Language :: Python :: 3.9","Programming Language :: Python :: Implementation :: CPython","Topic :: Security","Topic :: Software Development"],"normalized_name":"in-toto"},"repo_metadata":{"uuid":"59531400","full_name":"in-toto/in-toto","owner":"in-toto","description":"in-toto is a framework to protect supply chain integrity.","archived":false,"fork":false,"pushed_at":"2023-12-13T11:33:47.000Z","size":2842,"stargazers_count":788,"open_issues_count":48,"forks_count":131,"subscribers_count":40,"default_branch":"develop","last_synced_at":"2023-12-13T12:42:52.264Z","etag":null,"topics":["new-york-university","secure-systems-lab","security","supply-chain"],"latest_commit_sha":null,"homepage":"https://in-toto.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/in-toto.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.bib","codeowners":null,"security":"SECURITY.md","support":null,"governance":null}},"created_at":"2016-05-24T01:46:38.000Z","updated_at":"2023-12-10T10:09:48.000Z","dependencies_parsed_at":"2023-10-03T07:49:16.393Z","dependency_job_id":"f2c76331-68d0-4590-8251-09d55c3dac1c","html_url":"https://github.com/in-toto/in-toto","commit_stats":{"total_commits":1491,"total_committers":40,"mean_commits":37.275,"dds":"0.49362843729040917","last_synced_commit":"fe5ec9a4fc6eefeae9df2ab424ffeedce190c16d"},"previous_names":[],"tags_count":37,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/in-toto","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":176167467,"owners_count":10363727,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"in-toto","name":"in-toto","uuid":"22891761","kind":"organization","description":"A framework to protect software supply chain integrity","email":null,"website":"https://in-toto.io/","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/22891761?v=4","repositories_count":36,"last_synced_at":"2023-08-05T12:10:17.351Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/in-toto","created_at":"2022-11-06T11:20:28.402Z","updated_at":"2023-08-05T12:10:17.398Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/in-toto","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/in-toto/repositories"},"tags":[{"name":"v2.1.1","sha":"3bb4dd8070710eac7e8157581c725f23cc4adad4","kind":"tag","published_at":"2023-09-13T18:30:36.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v2.1.1","html_url":"https://github.com/in-toto/in-toto/releases/tag/v2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v2.1.1/manifests"},{"name":"v2.1.0","sha":"0b3c3d2774626aa9a2619bfdb9d2fa46773ed9b6","kind":"tag","published_at":"2023-09-07T16:26:12.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v2.1.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v2.1.0/manifests"},{"name":"v2.0.0","sha":"3467cd97426af937daa807bd870413782cee6235","kind":"tag","published_at":"2023-05-10T18:51:55.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v2.0.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v2.0.0/manifests"},{"name":"v1.4.0","sha":"978f4306e1f1efa84cab5bb2ab6eabc9da18f25c","kind":"tag","published_at":"2023-04-26T14:07:39.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v1.4.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/v1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.4.0/manifests"},{"name":"v1.3.2","sha":"c07afeb63299681a36946d2f92bacd24d08b044c","kind":"tag","published_at":"2023-03-15T08:07:00.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v1.3.2","html_url":"https://github.com/in-toto/in-toto/releases/tag/v1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.3.2/manifests"},{"name":"v1.3.1","sha":"341db485bb0e0c6399dd9de61d1654d6e43a3520","kind":"tag","published_at":"2023-02-01T15:25:22.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v1.3.1","html_url":"https://github.com/in-toto/in-toto/releases/tag/v1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.3.1/manifests"},{"name":"v1.3.0","sha":"ea4f5f3f31e194ea044b965f22d41d51a06b41b7","kind":"tag","published_at":"2023-01-30T08:50:23.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v1.3.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/v1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.3.0/manifests"},{"name":"v1.2.0","sha":"9a345ad6b6a751056336f2b0e5fd8443d7f5603b","kind":"tag","published_at":"2022-02-08T11:25:29.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v1.2.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.2.0/manifests"},{"name":"v1.1.1","sha":"e8d180f9fbb872dd6955fcc365eb2e285838c8d5","kind":"tag","published_at":"2021-07-27T16:33:15.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v1.1.1","html_url":"https://github.com/in-toto/in-toto/releases/tag/v1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.1.1/manifests"},{"name":"v1.1.0","sha":"cc99c9f3cf0108a49726c20f6d63e5ff235af539","kind":"tag","published_at":"2021-04-30T17:47:25.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v1.1.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.1.0/manifests"},{"name":"v1.0.1","sha":"4d2fe767f403d4fab5bd3670623003ee63bcd92f","kind":"tag","published_at":"2021-03-01T18:10:06.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v1.0.1","html_url":"https://github.com/in-toto/in-toto/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.0.1/manifests"},{"name":"debian/1.0.0-1","sha":"fb9d418e1cb58dc2bc0a1e02365b514fb149e271","kind":"tag","published_at":"2021-02-15T14:13:25.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/debian/1.0.0-1","html_url":"https://github.com/in-toto/in-toto/releases/tag/debian/1.0.0-1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/debian%2F1.0.0-1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/debian%2F1.0.0-1/manifests"},{"name":"debian/1.0.0-2","sha":"c14eb4752b0d9ac8087152ca7fe978687e25a80b","kind":"tag","published_at":"2021-02-15T14:13:02.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/debian/1.0.0-2","html_url":"https://github.com/in-toto/in-toto/releases/tag/debian/1.0.0-2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/debian%2F1.0.0-2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/debian%2F1.0.0-2/manifests"},{"name":"debian/1.0.0-3","sha":"02a9df326ac72099b80b10e6c8b4bfe08217f54f","kind":"tag","published_at":"2021-02-15T14:12:26.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/debian/1.0.0-3","html_url":"https://github.com/in-toto/in-toto/releases/tag/debian/1.0.0-3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/debian%2F1.0.0-3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/debian%2F1.0.0-3/manifests"},{"name":"v1.0.0","sha":"5ede52092c3a5878e17a67fe5a2acc5a27e19e4a","kind":"tag","published_at":"2020-11-23T18:41:28.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v1.0.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v1.0.0/manifests"},{"name":"v0.5.0","sha":"a621c3bf3cbe1dd442b2388c685b3130f032430b","kind":"tag","published_at":"2020-07-13T10:25:33.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v0.5.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.5.0/manifests"},{"name":"v0.4.2","sha":"91ff6479d8f5bd615923293a375ef006854a7aad","kind":"tag","published_at":"2020-01-07T10:53:57.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v0.4.2","html_url":"https://github.com/in-toto/in-toto/releases/tag/v0.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.4.2/manifests"},{"name":"v0.4.1","sha":"47ed23318e6950f691a35aa842aeec744e4cb5e6","kind":"tag","published_at":"2019-10-14T09:39:06.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v0.4.1","html_url":"https://github.com/in-toto/in-toto/releases/tag/v0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.4.1/manifests"},{"name":"v0.4.0","sha":"605c434f56d364a9a9e046e9e22891777c742f0d","kind":"tag","published_at":"2019-09-09T16:58:37.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v0.4.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/v0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.4.0/manifests"},{"name":"0.3.0","sha":"a481e474d39aae6b77ec8b9ca1597f919b4ada1d","kind":"tag","published_at":"2019-03-22T17:32:25.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.3.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.3.0/manifests"},{"name":"v0.3.0","sha":"a481e474d39aae6b77ec8b9ca1597f919b4ada1d","kind":"tag","published_at":"2019-03-22T17:32:25.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v0.3.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/v0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.3.0/manifests"},{"name":"v0.2.3","sha":"b19ba7296f2261c4d8def6486e431fa00100e3f4","kind":"tag","published_at":"2018-10-09T16:42:09.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v0.2.3","html_url":"https://github.com/in-toto/in-toto/releases/tag/v0.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.2.3/manifests"},{"name":"0.2.3","sha":"b19ba7296f2261c4d8def6486e431fa00100e3f4","kind":"tag","published_at":"2018-10-09T16:42:09.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.2.3","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3/manifests"},{"name":"0.2.3.dev5","sha":"0f2afd3eb18022cf4e694e5c2e525ec30cab3de0","kind":"tag","published_at":"2018-09-28T14:42:46.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.2.3.dev5","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.2.3.dev5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3.dev5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3.dev5/manifests"},{"name":"v0.2.3.dev5","sha":"0f2afd3eb18022cf4e694e5c2e525ec30cab3de0","kind":"tag","published_at":"2018-09-28T14:42:46.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v0.2.3.dev5","html_url":"https://github.com/in-toto/in-toto/releases/tag/v0.2.3.dev5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.2.3.dev5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.2.3.dev5/manifests"},{"name":"0.2.3.dev4","sha":"8766c0c355bb16d6ed390d2c72fec73e788c10fd","kind":"tag","published_at":"2018-09-20T20:24:36.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.2.3.dev4","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.2.3.dev4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3.dev4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3.dev4/manifests"},{"name":"v0.2.3.dev4","sha":"8766c0c355bb16d6ed390d2c72fec73e788c10fd","kind":"tag","published_at":"2018-09-20T20:24:36.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v0.2.3.dev4","html_url":"https://github.com/in-toto/in-toto/releases/tag/v0.2.3.dev4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.2.3.dev4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.2.3.dev4/manifests"},{"name":"v0.2.3.dev3","sha":"2f7ff57587f4a08ed98e643673a54829e0455564","kind":"tag","published_at":"2018-09-20T03:18:47.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v0.2.3.dev3","html_url":"https://github.com/in-toto/in-toto/releases/tag/v0.2.3.dev3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.2.3.dev3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.2.3.dev3/manifests"},{"name":"0.2.3.dev3","sha":"2f7ff57587f4a08ed98e643673a54829e0455564","kind":"tag","published_at":"2018-09-20T03:18:47.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.2.3.dev3","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.2.3.dev3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3.dev3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3.dev3/manifests"},{"name":"v0.2.3.dev2","sha":"0287e0c8fdd9de3433464ab840e8d462b4c74d05","kind":"tag","published_at":"2018-09-14T19:24:01.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/v0.2.3.dev2","html_url":"https://github.com/in-toto/in-toto/releases/tag/v0.2.3.dev2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.2.3.dev2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/v0.2.3.dev2/manifests"},{"name":"0.2.3.dev2","sha":"0287e0c8fdd9de3433464ab840e8d462b4c74d05","kind":"tag","published_at":"2018-09-14T19:24:01.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.2.3.dev2","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.2.3.dev2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3.dev2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3.dev2/manifests"},{"name":"0.2.3.dev1","sha":"93c27a6247c1ec4ff95b1e77e03533f29b8ae8b0","kind":"tag","published_at":"2018-09-13T18:38:22.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.2.3.dev1","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.2.3.dev1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3.dev1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.3.dev1/manifests"},{"name":"0.2.dev3","sha":"e8cb9aac66210f1a11a3afa487224ece769013c6","kind":"tag","published_at":"2018-07-10T20:56:19.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.2.dev3","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.2.dev3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.dev3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.dev3/manifests"},{"name":"0.2.2","sha":"5c8e0cd231efe9e7cf8e88631dc7ee2b3ddc7d0d","kind":"tag","published_at":"2018-03-30T20:44:42.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.2.2","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.2/manifests"},{"name":"0.2.1","sha":"f10ac5d88bad448b4b7da104f8a8fe19eaeae342","kind":"tag","published_at":"2018-02-21T17:37:25.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.2.1","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.1/manifests"},{"name":"0.2.0","sha":"5a60c88227b5db4cce965fca7c541913b9d9248d","kind":"tag","published_at":"2018-01-19T17:46:44.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.2.0","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.2.0/manifests"},{"name":"0.1.1","sha":"460d9de97c8c802b6d3a9eb06978653a808485dd","kind":"tag","published_at":"2017-11-09T19:54:34.000Z","download_url":"https://codeload.github.com/in-toto/in-toto/tar.gz/0.1.1","html_url":"https://github.com/in-toto/in-toto/releases/tag/0.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/tags/0.1.1/manifests"}]},"repo_metadata_updated_at":"2023-12-13T19:53:43.403Z","dependent_packages_count":2,"downloads":35998,"downloads_period":"last-month","dependent_repos_count":34,"rankings":{"downloads":0.9750158151871527,"dependent_repos_count":2.5039362273976677,"dependent_packages_count":3.157820486179293,"stargazers_count":2.282722193852275,"forks_count":4.2025615613326215,"docker_downloads_count":0.7484584956136674,"average":2.3117524632604463},"purl":"pkg:pypi/in-toto","advisories":[{"uuid":"GSA_kwCzR0hTQS1qamdwLXdocnAtZ3E4bc4AAzSn","url":"https://github.com/advisories/GHSA-jjgp-whrp-gq8m","title":"in-toto: PGP trust model not (fully) considered","description":"### Impact\n\nThis security advisory lists multiple concerns about how in-toto uses PGP keys. The findings are aggregated here, because they are all eligible to the same mitigation strategy. Note that the findings are rated with different severities (see inline) and the highest score was chosen for this advisory:\n\n- **PGP Key Creation Time Not Validated** (severity: low)\n  in-toto does not check, if the validity period of a PGP Key (starting with the key creation time) is in the future, when copying the key from GnuPG to a layout, or when verifying signatures. A validity period in the future is usually a sign of a wrong system clock, meaning it can’t be trusted for verifying the validity period. A MITM attacker who is able to manipulate delivered software products might also be able to control the system time by manipulating NTP. In a scenario where an attacker gained control over two expired subkeys with no overlapping validity period, the attacker could set the system time to a time before the validity period of either key, resulting in both keys being accepted.\n\n- **PGP Key Revocation Not Considered** (severity: medium)\n in-toto does not check PGP revocation signatures, when copying the key from GnuPG to a layout, or when verifying signatures. This means that a key may still be accepted in signatures, even if it has been revoked in GnuPG.\n\n- **PGP Key Usage Flags Not Considered** (severity: low)\n  in-toto does not check PGP usage flags, when copying the key from GnuPG to a layout, or when verifying signatures. This means that at a key may still be accepted in signatures, even if it is not permitted to sign data as per its key usage flags.\n\n\nSecurity auditors recommend to verify these properties at signature verification time.\n\nHowever, this is not planned, as in-toto does not rely on PGP’s trust model, because it should not be required to consult with a separate PKI/web-of-trust at verification time. Instead the project owner establishes ultimate trust by adding a PGP public key to a layout, and thus is responsible for its validity, and also to revoke the layout, if the key is no longer trusted. The same is true for PGP public keys used to verify a layout.\n\nThe preferred mitigation strategy is to verify these properties when exporting a public key from GnuPG, and to clarify usage documentation that no verification against the PGP trust model is performed afterwards.\n\n### References\n- \"Handle GPG revocation signatures\" -- https://github.com/secure-systems-lab/securesystemslib/issues/190\n- \"inconsistent use of GnuPG\" -- https://github.com/in-toto/in-toto/issues/569\n\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-05-11T20:48:15.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/in-toto/in-toto/security/advisories/GHSA-jjgp-whrp-gq8m","https://github.com/in-toto/in-toto/issues/569","https://github.com/secure-systems-lab/securesystemslib/issues/190","https://github.com/advisories/GHSA-jjgp-whrp-gq8m"],"source_kind":"github","identifiers":["GHSA-jjgp-whrp-gq8m"],"repository_url":"https://github.com/in-toto/in-toto","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 1.4.0"}],"ecosystem":"pypi","package_name":"in-toto"}],"created_at":"2023-05-11T21:03:21.035Z","updated_at":"2023-05-11T20:48:17.000Z"},{"uuid":"GSA_kwCzR0hTQS13YzY0LWM1cnYtMzJwZs4AAzSm","url":"https://github.com/advisories/GHSA-wc64-c5rv-32pf","title":"in-toto vulnerable to Configuration Read From Local Directory","description":"### Impact\n\nThe in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification [1]. Among the files read is `.in_totorc` which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an `.in_totorc` file that includes the necessary exclude patterns and settings.\n\nRC files are widely used in other systems [2] and security issues have been discovered in their implementations as well [3]. We found in our conversations with in-toto adopters that `in_totorc` is not their preferred way to configure in-toto. As none of the options supported in `in_totorc` is unique, and can be set elsewhere using API parameters or CLI arguments, we decided to drop support for `in_totorc`.\n\n### Other Recommendations\n\nSandbox functionary code as recommended in https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x.\n\n### References\n\n[1] https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html\n[2] https://spec.editorconfig.org/\n[3] https://github.blog/2022-04-12-git-security-vulnerability-announced/\n","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2023-05-11T20:47:56.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.5,"cvss_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","references":["https://github.com/in-toto/docs/security/advisories/GHSA-p86f-xmg6-9q4x","https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf","https://nvd.nist.gov/vuln/detail/CVE-2023-32076","https://github.com/in-toto/in-toto/commit/3a21d84f40811b7d191fa7bd17265c1f99599afd","https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html","https://github.com/in-toto/in-toto/releases/tag/v2.0.0","https://github.com/pypa/advisory-database/tree/main/vulns/in-toto/PYSEC-2023-63.yaml","https://github.com/advisories/GHSA-wc64-c5rv-32pf"],"source_kind":"github","identifiers":["GHSA-wc64-c5rv-32pf","CVE-2023-32076"],"repository_url":"https://github.com/in-toto/docs","blast_radius":8.423134043732404,"packages":[{"versions":[{"first_patched_version":"2.0.0","vulnerable_version_range":"\u003c= 1.4.0"}],"ecosystem":"pypi","package_name":"in-toto"}],"created_at":"2023-05-11T21:03:21.078Z","updated_at":"2023-11-11T05:00:58.000Z"}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/in-toto","docker_dependents_count":37,"docker_downloads_count":1542797,"usage_url":"https://repos.ecosyste.ms/usage/pypi/in-toto","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/in-toto/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2023-12-07T07:24:17.044Z","issues_count":37,"pull_requests_count":135,"avg_time_to_close_issue":22810331.85,"avg_time_to_close_pull_request":5911318.609375,"issues_closed_count":20,"pull_requests_closed_count":128,"pull_request_authors_count":20,"issue_authors_count":10,"avg_comments_per_issue":4.108108108108108,"avg_comments_per_pull_request":1.5703703703703704,"merged_pull_requests_count":104,"bot_issues_count":0,"bot_pull_requests_count":47,"past_year_issues_count":26,"past_year_pull_requests_count":118,"past_year_avg_time_to_close_issue":7220014.466666667,"past_year_avg_time_to_close_pull_request":873334.8660714285,"past_year_issues_closed_count":15,"past_year_pull_requests_closed_count":112,"past_year_pull_request_authors_count":14,"past_year_issue_authors_count":6,"past_year_avg_comments_per_issue":2.576923076923077,"past_year_avg_comments_per_pull_request":1.042372881355932,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":44,"past_year_merged_pull_requests_count":95,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/issues"},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/in-toto/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/in-toto/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/in-toto/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/in-toto/related_packages","maintainers":[{"uuid":"lukpueh","login":"lukpueh","name":null,"email":null,"url":null,"packages_count":4,"html_url":"https://pypi.org/user/lukpueh/","role":null,"created_at":"2023-02-22T06:43:41.894Z","updated_at":"2023-02-22T06:43:41.894Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/lukpueh/packages"},{"uuid":"torresariass","login":"torresariass","name":null,"email":null,"url":null,"packages_count":5,"html_url":"https://pypi.org/user/torresariass/","role":null,"created_at":"2023-02-22T06:43:42.224Z","updated_at":"2023-02-22T06:43:42.224Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/torresariass/packages"},{"uuid":"adityasaky","login":"adityasaky","name":null,"email":null,"url":null,"packages_count":3,"html_url":"https://pypi.org/user/adityasaky/","role":null,"created_at":"2023-02-22T06:43:42.510Z","updated_at":"2023-02-22T06:43:42.510Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/adityasaky/packages"}],"registry":{"name":"pypi.org","url":"https://pypi.org","ecosystem":"pypi","default":true,"packages_count":725027,"maintainers_count":308331,"namespaces_count":0,"keywords_count":238006,"github":"pypi","metadata":{"funded_packages_count":50519},"icon_url":"https://github.com/pypi.png","created_at":"2022-04-04T15:19:23.364Z","updated_at":"2025-09-05T05:40:58.860Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/namespaces"}}],"commits":{"id":596200,"full_name":"in-toto/in-toto","default_branch":"develop","committers":[{"name":"Lukas Puehringer","email":"lukas.puehringer@nyu.edu","login":"lukpueh","count":1021},{"name":"dependabot[bot]","email":"49699333+dependabot[bot]","login":"dependabot[bot]","count":146},{"name":"Santiago Torres","email":"torresariass@gmail.com","login":"SantiagoTorres","count":144},{"name":"Aditya Saky","email":"aditya@saky.in","login":"adityasaky","count":139},{"name":"Dimitri Papadopoulos","email":"3234522+DimitriPapadopoulos","login":"DimitriPapadopoulos","count":71},{"name":"dependabot-preview[bot]","email":"27856297+dependabot-preview[bot]","login":"dependabot-preview[bot]","count":53},{"name":"Rohan Bhiangi","email":"rohanbhirangi17@gmail.com","login":"RohanBhirangi","count":49},{"name":"Pradyumna Krishna","email":"git@onpy.in","login":"PradyumnaKrishna","count":38},{"name":"Michael Zhou","email":"myz227@nyu.edu","login":"michizhou","count":19},{"name":"Shikher","email":"root@shikherverma.com","login":"ShikherVerma","count":19},{"name":"isachit","email":"i.sachitmalik@gmail.com","login":"isachit","count":18},{"name":"Trishank K Kuppusamy","email":"trishank.kuppusamy@datadoghq.com","login":"trishankatdatadog","count":18},{"name":"Dariksha","email":"img_2021021@iiitm.ac.in","login":"DarikshaAnsari","count":14},{"name":"Justin Cappos","email":"justincappos@gmail.com","login":"JustinCappos","count":11},{"name":"Kristel Fung","email":"kristelfung@gmail.com","login":"kristelfung","count":11},{"name":"Ofek Lev","email":"ofekmeister@gmail.com","login":"ofek","count":9},{"name":"Brandon M Hunter","email":"brandonmicahelhunter@live.com","login":null,"count":9},{"name":"Brent Clausner","email":"beclausner@sei.cmu.edu","login":null,"count":7},{"name":"MinchinWeb","email":"w_minchin@hotmail.com","login":"MinchinWeb","count":4},{"name":"Leonidas Spyropoulos","email":"artafinde@gmail.com","login":"inglor","count":3},{"name":"Joshua Lock","email":"jlock@vmware.com","login":"joshuagl","count":3},{"name":"Benjamin Wu","email":"benjaminwu1337@gmail.com","login":"benwuNYC","count":3},{"name":"Vladimir Diaz","email":"vladimir.v.diaz@gmail.com","login":"vladimir-v-diaz","count":3},{"name":"alexsmith15","email":"alexandersmith.atlanta@gmail.com","login":"alexsmith15","count":3},{"name":"Yash Srivastav","email":"admin@yashsriv.org","login":null,"count":2},{"name":"didier","email":"durand.didier@gmail.com","login":"didier-durand","count":2},{"name":"SolidifiedRay","email":"yc3346@nyu.edu","login":"SolidifiedRay","count":2},{"name":"Shekhar Chauhan","email":"shekhar.chauhan@intel.com","login":"shekhar-chauhan","count":2},{"name":"naveensrinivasan","email":"172697+naveensrinivasan","login":"naveensrinivasan","count":1},{"name":"Artyom Baloyan","email":"artiom.baloian@nyu.edu","login":null,"count":1},{"name":"Grace Nguyen","email":"gracenguyen@Graces-MBP-2.attlocal.net","login":null,"count":1},{"name":"Grace Nguyen","email":"gracenguyen@asana.com","login":null,"count":1},{"name":"Spencer Klem","email":"macandtony43@gmail.com","login":"SpencerKlem","count":1},{"name":"Sebastien Awwad","email":"sebastien.awwad@gmail.com","login":"awwad","count":1},{"name":"Ruby Liu","email":"xl2590@nyu.edu","login":"RubyLiu206","count":1},{"name":"Rishit Dagli","email":"rishit.dagli@gmail.com","login":"Rishit-dagli","count":1},{"name":"Radosław Szamszur","email":"radoslawszamszur@gmail.com","login":"rszamszur","count":1},{"name":"IshaDave","email":"62882240+IshaDave","login":"IshaDave","count":1},{"name":"Dunbar-Hall, Ian","email":"ian.dunbar-hall@lmco.com","login":"idunbarh","count":1},{"name":"Daniel Bevenius","email":"daniel.bevenius@gmail.com","login":"danbev","count":1},{"name":"Christian Rebischke","email":"chris@shibumi.dev","login":"shibumi","count":1},{"name":"Chasen Bettinger","email":"bettingerchasen@gmail.com","login":"chasen-bettinger","count":1},{"name":"Alexandre Detiste","email":"alexandre.detiste@gmail.com","login":"a-detiste","count":1}],"total_commits":1838,"total_committers":43,"total_bot_commits":199,"total_bot_committers":2,"mean_commits":42.74418604651163,"dds":0.4445048966267682,"past_year_committers":[{"name":"Dimitri Papadopoulos","email":"3234522+DimitriPapadopoulos","login":"DimitriPapadopoulos","count":71},{"name":"dependabot[bot]","email":"49699333+dependabot[bot]","login":"dependabot[bot]","count":41},{"name":"Dariksha","email":"img_2021021@iiitm.ac.in","login":"DarikshaAnsari","count":14},{"name":"Lukas Puehringer","email":"lukas.puehringer@nyu.edu","login":"lukpueh","count":5},{"name":"Aditya Sirish A Yelgundhalli","email":"aditya@saky.in","login":"adityasaky","count":4},{"name":"Brent Clausner","email":"beclausner@sei.cmu.edu","login":null,"count":4},{"name":"Justin Cappos","email":"justincappos@gmail.com","login":"JustinCappos","count":1}],"past_year_total_commits":140,"past_year_total_committers":7,"past_year_total_bot_commits":41,"past_year_total_bot_committers":1,"past_year_mean_commits":20.0,"past_year_dds":0.4928571428571429,"last_synced_at":"2025-05-14T22:42:32.875Z","last_synced_commit":"d8fa07f5c3c3e052319b1a9b0c06408cdf5b5185","created_at":"2023-03-09T06:35:24.688Z","updated_at":"2025-05-14T22:42:32.917Z","commits_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/commits","host":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2025-09-03T00:00:08.276Z","repositories_count":5480019,"commits_count":853389012,"contributors_count":31098138,"owners_count":906558,"icon_url":"https://github.com/github.png","host_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories"}},"issues_stats":{"full_name":"in-toto/in-toto","html_url":"https://github.com/in-toto/in-toto","last_synced_at":"2025-08-31T10:02:27.813Z","status":null,"issues_count":42,"pull_requests_count":264,"avg_time_to_close_issue":22887437.32,"avg_time_to_close_pull_request":3305252.1983471075,"issues_closed_count":25,"pull_requests_closed_count":242,"pull_request_authors_count":23,"issue_authors_count":13,"avg_comments_per_issue":3.8333333333333335,"avg_comments_per_pull_request":1.0568181818181819,"merged_pull_requests_count":196,"bot_issues_count":0,"bot_pull_requests_count":126,"past_year_issues_count":5,"past_year_pull_requests_count":123,"past_year_avg_time_to_close_issue":633256.0,"past_year_avg_time_to_close_pull_request":385236.6074766355,"past_year_issues_closed_count":3,"past_year_pull_requests_closed_count":107,"past_year_pull_request_authors_count":6,"past_year_issue_authors_count":4,"past_year_avg_comments_per_issue":1.4,"past_year_avg_comments_per_pull_request":0.5447154471544715,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":74,"past_year_merged_pull_requests_count":85,"created_at":"2023-05-14T15:58:47.567Z","updated_at":"2025-09-03T06:47:26.819Z","repository_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto","issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/in-toto%2Fin-toto/issues","issue_labels_count":{"good first issue":6,"X41":5,"documentation":4,"Up for grabs":3,"dependencies":3,"low-prio":2,"enhancement":2,"discussion":2,"python":2,"ITE and Spec compliance":1,"API specification":1,"github_actions":1},"pull_request_labels_count":{"dependencies":221,"python":149,"github_actions":63,"documentation":2,"DO NOT MERGE":2},"issue_author_associations_count":{"MEMBER":31,"CONTRIBUTOR":13,"NONE":7},"pull_request_author_associations_count":{"CONTRIBUTOR":285,"MEMBER":78,"NONE":16,"COLLABORATOR":3},"issue_authors":{"lukpueh":26,"adityasaky":4,"dependabot[bot]":3,"idunbarh":2,"DimitriPapadopoulos":2,"skinny-b":2,"danbev":2,"SantiagoTorres":1,"yashpawar6849":1,"ultrasaurus":1,"joshuagl":1,"shenxianpeng":1,"Ayush9026":1,"DarikshaAnsari":1,"harshitasao":1,"aalsabag":1,"Nikhil52254":1},"pull_request_authors":{"dependabot[bot]":221,"lukpueh":56,"DimitriPapadopoulos":41,"adityasaky":20,"DarikshaAnsari":6,"SolidifiedRay":4,"SpencerKlem":3,"skinny-b":3,"JustinCappos":3,"trishankatdatadog":2,"chasen-bettinger":2,"shekhar-chauhan":2,"idunbarh":2,"PradyumnaKrishna":2,"s-t-e-v-e-n-k":2,"alanssitis":2,"ShubhikaBhardwaj":2,"hojoungjang":1,"danbev":1,"aalsabag":1,"cindykimxp":1,"marmarek":1,"Rishit-dagli":1,"Dentrax":1,"a-detiste":1,"jbogarthyde":1},"host":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2025-09-04T00:00:25.939Z","repositories_count":10079913,"issues_count":31291083,"pull_requests_count":96059117,"authors_count":10693123,"icon_url":"https://github.com/github.png","host_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories","owners_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/owners","authors_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors"},"past_year_issue_labels_count":{"dependencies":2,"python":1,"github_actions":1},"past_year_pull_request_labels_count":{"dependencies":95,"python":69,"github_actions":26},"past_year_issue_author_associations_count":{"CONTRIBUTOR":5,"MEMBER":1,"NONE":1},"past_year_pull_request_author_associations_count":{"CONTRIBUTOR":138,"MEMBER":3,"NONE":2,"COLLABORATOR":1},"past_year_issue_authors":{"dependabot[bot]":2,"DimitriPapadopoulos":2,"lukpueh":1,"skinny-b":1,"yashpawar6849":1},"past_year_pull_request_authors":{"dependabot[bot]":95,"DimitriPapadopoulos":41,"s-t-e-v-e-n-k":2,"lukpueh":2,"skinny-b":2,"adityasaky":1,"JustinCappos":1},"maintainers":[{"login":"lukpueh","count":82,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lukpueh"},{"login":"adityasaky","count":24,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/adityasaky"},{"login":"JustinCappos","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/JustinCappos"},{"login":"trishankatdatadog","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/trishankatdatadog"},{"login":"SantiagoTorres","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/SantiagoTorres"}],"active_maintainers":[{"login":"lukpueh","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/lukpueh"},{"login":"adityasaky","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/adityasaky"},{"login":"JustinCappos","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/JustinCappos"}]},"events":{"total":{"CreateEvent":49,"IssuesEvent":11,"WatchEvent":71,"DeleteEvent":47,"IssueCommentEvent":64,"MemberEvent":1,"PushEvent":80,"PullRequestReviewCommentEvent":14,"PullRequestReviewEvent":72,"PullRequestEvent":148,"ForkEvent":8},"last_year":{"CreateEvent":49,"IssuesEvent":11,"WatchEvent":71,"DeleteEvent":47,"IssueCommentEvent":64,"MemberEvent":1,"PushEvent":80,"PullRequestReviewCommentEvent":14,"PullRequestReviewEvent":72,"PullRequestEvent":148,"ForkEvent":8}},"keywords":["new-york-university","secure-systems-lab","security","supply-chain"],"dependencies":[{"ecosystem":"actions","filepath":".github/workflows/ci.yml","sha":null,"kind":"manifest","created_at":"2023-01-13T16:35:53.083Z","updated_at":"2023-01-13T16:35:53.083Z","repository_link":"https://github.com/in-toto/in-toto/blob/develop/.github/workflows/ci.yml","dependencies":[{"id":6890867521,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v2","direct":true,"kind":"composite","optional":false},{"id":6890867522,"package_name":"actions/setup-python","ecosystem":"actions","requirements":"v2","direct":true,"kind":"composite","optional":false},{"id":6890867523,"package_name":"actions/cache","ecosystem":"actions","requirements":"v2","direct":true,"kind":"composite","optional":false}]},{"ecosystem":"pypi","filepath":"requirements-dev.txt","sha":null,"kind":"manifest","created_at":"2023-01-13T16:35:53.110Z","updated_at":"2023-01-13T16:35:53.110Z","repository_link":"https://github.com/in-toto/in-toto/blob/develop/requirements-dev.txt","dependencies":[{"id":6890867524,"package_name":"tox","ecosystem":"pypi","requirements":"*","direct":true,"kind":"development","optional":false}]},{"ecosystem":"pypi","filepath":"requirements-docs.txt","sha":null,"kind":"manifest","created_at":"2023-01-13T16:35:53.132Z","updated_at":"2023-01-13T16:35:53.132Z","repository_link":"https://github.com/in-toto/in-toto/blob/develop/requirements-docs.txt","dependencies":[{"id":6890867525,"package_name":"sphinx-rtd-theme","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":6890867526,"package_name":"sphinx-argparse","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":6890867527,"package_name":"recommonmark","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"pypi","filepath":"requirements-pinned.txt","sha":null,"kind":"lockfile","created_at":"2023-01-13T16:35:53.157Z","updated_at":"2023-01-13T16:35:53.157Z","repository_link":"https://github.com/in-toto/in-toto/blob/develop/requirements-pinned.txt","dependencies":[{"id":6890867528,"package_name":"attrs","ecosystem":"pypi","requirements":"==22.2.0","direct":false,"kind":"runtime","optional":false},{"id":6890867529,"package_name":"cffi","ecosystem":"pypi","requirements":"==1.15.1","direct":false,"kind":"runtime","optional":false},{"id":6890867530,"package_name":"cryptography","ecosystem":"pypi","requirements":"==39.0.0","direct":false,"kind":"runtime","optional":false},{"id":6890867531,"package_name":"iso8601","ecosystem":"pypi","requirements":"==1.1.0","direct":false,"kind":"runtime","optional":false},{"id":6890867532,"package_name":"pathspec","ecosystem":"pypi","requirements":"==0.10.3","direct":false,"kind":"runtime","optional":false},{"id":6890867533,"package_name":"pycparser","ecosystem":"pypi","requirements":"==2.21","direct":false,"kind":"runtime","optional":false},{"id":6890867534,"package_name":"pynacl","ecosystem":"pypi","requirements":"==1.5.0","direct":false,"kind":"runtime","optional":false},{"id":6890867535,"package_name":"python-dateutil","ecosystem":"pypi","requirements":"==2.8.2","direct":false,"kind":"runtime","optional":false},{"id":6890867536,"package_name":"securesystemslib","ecosystem":"pypi","requirements":"==0.26.0","direct":false,"kind":"runtime","optional":false},{"id":6890867537,"package_name":"six","ecosystem":"pypi","requirements":"==1.16.0","direct":false,"kind":"runtime","optional":false}]},{"ecosystem":"pypi","filepath":"requirements-tox.txt","sha":null,"kind":"manifest","created_at":"2023-01-13T16:35:53.184Z","updated_at":"2023-01-13T16:35:53.184Z","repository_link":"https://github.com/in-toto/in-toto/blob/develop/requirements-tox.txt","dependencies":[{"id":6890867538,"package_name":"pylint","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":6890867539,"package_name":"bandit","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":6890867540,"package_name":"coverage","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"pypi","filepath":"requirements.txt","sha":null,"kind":"manifest","created_at":"2023-01-13T16:35:53.208Z","updated_at":"2023-01-13T16:35:53.208Z","repository_link":"https://github.com/in-toto/in-toto/blob/develop/requirements.txt","dependencies":[{"id":6890867541,"package_name":"securesystemslib","ecosystem":"pypi","requirements":"\u003e=0.26.0","direct":true,"kind":"runtime","optional":false},{"id":6890867542,"package_name":"attrs","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":6890867543,"package_name":"python-dateutil","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":6890867544,"package_name":"iso8601","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":6890867545,"package_name":"pathspec","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"pypi","filepath":"pyproject.toml","sha":null,"kind":"manifest","created_at":"2023-02-16T05:40:15.282Z","updated_at":"2023-02-16T05:40:15.282Z","repository_link":"https://github.com/in-toto/in-toto/blob/develop/pyproject.toml","dependencies":[{"id":7703423296,"package_name":"attrs","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":7703423297,"package_name":"iso8601","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":7703423298,"package_name":"pathspec","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":7703423299,"package_name":"python-dateutil","ecosystem":"pypi","requirements":"*","direct":true,"kind":"runtime","optional":false},{"id":7703423300,"package_name":"securesystemslib","ecosystem":"pypi","requirements":"[crypto]\u003e=0.18.0","direct":true,"kind":"runtime","optional":false}]},{"ecosystem":"pypi","filepath":"setup.py","sha":null,"kind":"manifest","created_at":"2023-10-03T07:49:16.382Z","updated_at":"2023-10-03T07:49:16.382Z","repository_link":"https://github.com/in-toto/in-toto/blob/develop/setup.py","dependencies":[]}],"score":24.913804790503185,"created_at":"2025-09-04T15:51:11.988Z","updated_at":"2025-10-07T08:15:39.337Z","avatar_url":"https://github.com/in-toto.png","language":"Python","category":null,"sub_category":null,"monthly_downloads":35998,"funding_links":[],"readme_doi_urls":[],"works":{},"citation_counts":{},"total_citations":0,"keywords_from_contributors":["cryptocurrencies","version","distributed","yolov5s","xunit-framework","parallel","xunit-test","packaging","dependency-manager","package-management"],"project_url":"https://science.ecosyste.ms/api/v1/projects/38127","html_url":"https://science.ecosyste.ms/projects/38127","bibtex_url":"https://science.ecosyste.ms/projects/38127/export.bibtex","apalike_url":"https://science.ecosyste.ms/projects/38127/export.apalike"}