in-toto has the concept of inspections. Inspections are defined in a software supply chain layout and consist of a command to be run during the in-toto verification process and optionally artifact rules.
This repo provides a collection of commonly used inspection commands to be shipped out or plugged-in with in-toto.