From Sandbox to Incubating: gittuf’s Next Step in Open Source Security

June 6, 2025 | Blog, Guest Blog

We’re pleased to share that gittuf, a platform-agnostic Git security framework, has officially progressed to the Incubating Project stage under the Open Source Security Foundation (OpenSSF). This marks a major milestone in gittuf’s development and recognizes the project’s technical progress, community growth, and alignment with the broader mission of strengthening the open source software supply chain.

gittuf aims to improve the security of Git repositories by adding cryptographic access controls, tamper-evident logging, and enforceable policies directly into the repository itself. It provides these capabilities without requiring developers to abandon familiar Git workflows or tooling. This makes gittuf especially valuable for projects and organizations looking to secure their development infrastructure at the version control layer.

“gittuf addresses a critical gap in the software development process by securing Git at its core. It’s an exciting and important step to see the project advance to incubation within OpenSSF and reflects positively on gittuf’s maturity and adoption,” — Justin Cappos, OpenSSF Governing Board Member; gittuf Governing Board Member, and Professor, NYU Tandon School of Engineering

This promotion to Incubating status, as approved by the OpenSSF Technical Advisory Council (TAC), acknowledges gittuf’s sustained technical progress, increasing contributor activity, and clear value to the broader open source security landscape. gittuf recently reached the beta milestone and integrates with related OpenSSF efforts like Sigstore and the upcoming SLSA source track. By reaching the Incubating stage, gittuf benefits from greater visibility and access to OpenSSF resources.

“We are thrilled to see gittuf reach incubation. Securing version control is a foundational step for software supply chain security, and we believe OpenSSF is the ideal community to help us grow and deliver on that mission,” — Aditya Sirish A Yelgundhalli, Maintainer of gittuf; Ph.D. candidate, NYU Tandon School of Engineering

The OpenSSF Technical Advisory Council (TAC) voted to advance gittuf from Sandbox to Incubating based on the project’s steady progress, clear security focus, and growing engagement. The research team that developed gittuf won a Distinguished Paper Award for their work at the Network and Distributed System Security Symposium 2025. gittuf is also part of the current term of the LFX mentorship program.

We invite security engineers, maintainers, and developers interested in securing source code infrastructure to get involved. To learn more about the project, contribute, or join the community, visit gittuf.dev.