in-toto's governance and code of conduct are described in the in-toto/community repository.
This implementation adheres to
in-toto's contributing guidelines.
Pull requests must be submitted to the develop branch where they undergo
review and automated testing, including, but not limited to:
- Unit and build testing via Tox on GitHub Actions
- Static code analysis via Pylint and Bandit
- Checks for Signed-off-by commits via Probot: DCO
- Review by one or more maintainers