Part 3: gittuf for Contributors

gittuf can be configured in one of two ways:

  • Automatically handle gittuf operations, or,
  • Require the user to manually to sync gittuf data and verify the repository

Depending on how you wish to use gittuf and the sensitivity of the repository that you are working on, you might want to choose a different option than others (even other users working on the same repository as you).

For most users, we recommend letting gittuf automatically manage its operations in the background, unless you:

  • Are a maintainer who must manage the security policy gittuf applies.
  • Would like to manually invoke gittuf synchronization and verification operations.
  • Are debugging an issue.

Next: gittuf Metadata

Let’s start with an overview of gittuf Metadata.

Copyright © 2025 gittuf a Series of LF Projects, LLC. For web site terms of use, trademark policy and other project policies please see https://lfprojects.org/.
This site uses Just the Docs, a documentation theme for Jekyll.