
Supply chain export

For teams that need SLSA, in-toto or Sigstore artifacts, gridtrue exports in-place.

Supply-chain compliance tools and gridtrue solve different problems. Sigstore signs artifacts for external consumers. gridtrue signs validations for internal team communication. When you need both, we export to the industry standards your auditor already recognizes.

SLSA provenance
gridtrue export provenance renders one SLSA v1.0 document per attestation.
in-toto
The attestation envelope is in-toto statement-shaped; no translation required.
Sigstore
Sign-per-release pipeline integrates with cosign using the same identity.
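
What the SLSA provenance and in-toto items above mean for a consumer of the export, as an added example that is not gridtrue's own code: a structural check that a document follows the in-toto Statement v1 layout and carries a SLSA v1 provenance predicate. The field names come from the public in-toto and SLSA v1.0 specifications; the names check_export and _obj and the sample document are assumptions constructed for illustration, not real gridtrue output.

```python
import copy

STATEMENT_V1 = "https://in-toto.io/Statement/v1"
SLSA_PROVENANCE_V1 = "https://slsa.dev/provenance/v1"

def _obj(value):
    """Treat anything that is not a JSON object as an empty one."""
    return value if isinstance(value, dict) else {}

def check_export(doc):
    """Return a list of layout problems; an empty list means the check passed."""
    problems = []
    doc = _obj(doc)
    if doc.get("_type") != STATEMENT_V1:
        problems.append("_type is not in-toto Statement v1")
    subjects = doc.get("subject")
    if not isinstance(subjects, list) or not subjects:
        problems.append("subject must be a non-empty list")
    for i, subj in enumerate(subjects if isinstance(subjects, list) else []):
        if not _obj(_obj(subj).get("digest")):  # every subject needs a digest
            problems.append(f"subject[{i}] has no digest")
    if doc.get("predicateType") != SLSA_PROVENANCE_V1:
        problems.append("predicateType is not SLSA provenance v1")
    pred = _obj(doc.get("predicate"))
    build_def = _obj(pred.get("buildDefinition"))
    if not build_def.get("buildType"):
        problems.append("predicate.buildDefinition.buildType missing")
    if "externalParameters" not in build_def:
        problems.append("predicate.buildDefinition.externalParameters missing")
    if not _obj(_obj(pred.get("runDetails")).get("builder")).get("id"):
        problems.append("predicate.runDetails.builder.id missing")
    return problems

# Constructed sample (assumption): names, URIs and the digest are placeholders.
GOOD = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "validation-report.json", "digest": {"sha256": "0" * 64}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {"buildType": "https://example.com/build/v1", "externalParameters": {}},
        "runDetails": {"builder": {"id": "https://example.com/builder"}},
    },
}
# Same document with the digest stripped and a pre-v1 predicate type.
BAD = copy.deepcopy(GOOD)
del BAD["subject"][0]["digest"]
BAD["predicateType"] = "https://slsa.dev/provenance/v0.2"

if __name__ == "__main__":
    print(check_export(GOOD), check_export(BAD), sep="\n")
```

This checks layout only; verifying the signature on the attestation is a separate step.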