Scribe Security CTO Danny Nebenzahl discusses in-toto, a framework for securing the integrity of the software supply chain. It uses an evidence-driven concept to demonstrate and justify trust in supply chain artifacts. Daniel describes how this framework can be expanded and implemented to provide evidence-based security, visibility, transparency and control over the software supply chain.