Software Bill of Materials on in-toto (SBOMit)

The SBOMit specification is an SBOM-format-independent method for attesting components with additional verification information. These attestations are generated at the time the supply chain was generated.

This verification information, which uses in-toto attestations and layouts, can be validated by a party to gain a high degree of assurance about the software.