Git Remote Gittuf is a custom Git remote transfer protocol binary (a Git remote helper) designed to enhance security for Git repositories by enforcing policy controls and verifying changes. This tool ensures that repository modifications adhere to predefined security policies, independent of the source control platform or forge used.
Key Features:
Policy Enforcement: Enforces custom security policies to prevent unauthorized changes.
Platform-Agnostic: Works across any Git hosting platform, removing reliance on a single forge for trust.
Cryptographic Verification: Verifies the integrity of repository changes using cryptographic mechanisms.
Independent Validation: Allows developers to independently verify policy compliance without depending on third-party services.
Integration: Compatible with existing Git workflows and tools.
Audience & Benefit:
Ideal for maintainers and organizations managing sensitive or critical Git repositories. It provides an additional layer of security, ensuring that all changes meet defined policies and enhancing the integrity of the software supply chain.
README
gittuf is a platform-agnostic Git security system. The maintainers of a Git
repository can use gittuf to protect the contents of a Git repository from
unauthorized or malicious changes. Most significantly, gittuf's policy controls
and enforcement are not tied to your source control platform (SCP) or "forge",
meaning any developer can independently verify that a repository's changes
followed the expected security policies. In other words, gittuf removes the
forge as a single point of trust in the software supply chain!
gittuf is currently in beta. gittuf's metadata is versioned, and updates should
not require reinitializing a repository's gittuf policy. We recommend trying out
gittuf in addition to existing repository security mechanisms you may already be
using (e.g., forge security policies). We're actively seeking feedback from
users; please open an issue with any suggestions or bugs you encounter!
Installation, Get Started, Get Involved
Take a look at the get started guide to learn how to install and try gittuf
out! Additionally, contributions are welcome; please refer to the contributing
guide, our roadmap, and the issue tracker for ways to get involved. In
addition, you can join the gittuf channel on the OpenSSF Slack and say hello!