- libc6 (>= 2.34)
gittuf is a security layer for Git repositories. With gittuf, any
developer who can pull from a Git repository can independently verify
that the repository's security policies were followed. gittuf's policy,
inspired by The Update Framework (TUF) (https://theupdateframework.io/),
handles key management for all trusted developers in a repository,
allows for setting permissions for repository branches, tags, files,
etc., protects against other attacks Git is vulnerable to
(https://ssl.engineering.nyu.edu/papers/torres_toto_usenixsec-2016.pdf),
and more, all while being backwards compatible
with forges such as GitHub and GitLab.
.
gittuf is currently in alpha. gittuf's metadata may have breaking
changes, meaning a repository's gittuf policy may have to be
reinitialized from time to time. As such, gittuf is currently not
intended to be the primary mechanism for enforcing a repository's
security.
.
That said, we're actively seeking feedback from users. Take a look at
the get started guide (/docs/get-started.md) to learn how to install and
try gittuf out!
.
This package contains the command-line gittuf tool.
Installed Size: 66.0 MB
Architectures: arm64 amd64