Getting started

TUF provides a framework for integration of the security properties into new and existing content delivery systems. This page will help you get started if you want to use TUF either as a maintainer or client.

While some adoptions integrate TUF by implementing the framework from scratch, others start from either a TUF implementation or from a TUF system. This page lists open source implementations of TUF which can be used as building blocks for any TUF adoption.

Implementations

TUF implementations provide libraries implementing the primitives and algorithms, such as the detailed client workflow, in the specification.

Reference implementations

Third-party implementations

php-tuf
tough, by AWS Labs
Notary Project, by the Notary Project

Systems

TUF systems build on top of library implementations and provide opinionated signing systems designed for particular use-cases.

Current Systems

Repository Service for TUF (RSTUF) is a designed to integrate into an existing artifact repository with an established storage and delivery system.
tuf-on-ci is a TUF repository and signing tool designed to operate on a CI system and guide signing events through Git forge workflows.
Uptane enables secure software updates for automobiles.
The Archive Framework (TAF) is a framework that aims to provide archival authentication and ensure that Git repositories can be securely cloned/updated.
TUF Browser, from the Freedom of the Press Foundation, is a minimal TypeScript implementation of TUF intended to be compatible with browsers.

Learn more

Some of our Videos explain how to implement TUF practically.
To learn about how to contribute to TUF, see Contributing.

Last modified January 8, 2026: Add some implementations and systems (27e2acb)