Description
Hi,
I am currently working on your tool - in-toto, which is a security vulnerability tool. I have successfully set it up on my local laptop and run the initial commands.
Now, I have several private repositories hosted on GitHub, with over 30 users working on these repositories locally. I want to integrate in-toto verification into these repositories to enhance our security measures.
Details:
Environment: Windows 11 Enterprise
Tools Installed: Git Bash, Visual Studio Code, Microsoft Edge, etc.
Repositories: Private, hosted on GitHub
Users: 30+ working locally
What I’ve Done So Far:
Set up in-toto on my local machine. (using pip install)
Run initial commands to verify the setup. (using private and public key)
in-toto run ......
in-toto verify ......
What I Need Help With:
How to integrate in-toto verification with our private GitHub repositories.
Best practices for setting up in-toto in a multi-user environment.
Any examples or documentation that could guide me through this process.
How to automate the entire in-toto run and verify commands.
How to configure this in GitHub Actions.