Getting started

TUF provides a framework for integration of the security properties into new and existing content delivery systems. This page will help you get started if you want to use TUF either as a maintainer or client.

While some adoptions integrate TUF by implementing the framework from scratch, others start from either a TUF implementation or from a TUF system. This page lists open source implementations of TUF which can be used as building blocks for any TUF adoption.

Implementations

TUF implementations provide libraries implementing the primitives and algorithms, such as the detailed client workflow, in the specification.

python-tuf, the reference implementation
go-tuf
tuf-js

Systems

TUF systems build on top of library implementations and provide opinionated signing systems designed for particular use-cases.

Repository Service for TUF (RSTUF) is a designed to integrate into an existing artifact repository with an established storage and delivery system.
tuf-on-ci is a TUF repository and signing tool designed to operate on a CI system and guide signing events through Git forge workflows.

Learn more

Some of our Videos explain how to implement TUF practically.
To learn about how to contribute to TUF, see Contributing.

Last modified October 12, 2024: New and improved Docsy-based version of the website (#105) (2856e69)