The Update Framework (TUF) — API Provider, Schemas | APIs.io Providers
The Update Framework (TUF)
TUF (The Update Framework) is a CNCF graduated framework for securing software update systems. It provides a specification for how software repositories should be structured and how clients should verify updates to protect against key compromise, rollback attacks, and mix-and-match attacks. TUF is used by many package managers and update systems including PyPI, Sigstore, and various Linux distributions. The framework defines a four-role metadata structure (root, targets, snapshot, timestamp) with threshold signing and delegation capabilities for scalable trust management.
7 APIs<br>0 Features
CNCFCloud NativeGraduatedSecuritySoftware Supply ChainSoftware UpdatesVerification
APIs
TUF Repository Specification
The TUF specification defines the structure of update repositories including the root, targets, snapshot, and timestamp metadata files. Each metadata file has a defined schema w...
TUF Python Reference Implementation
The official Python reference implementation of The Update Framework (TUF) specification. Provides a metadata API for reading and writing TUF metadata files, an ngclient API imp...
TUF Go Implementation
A Go implementation of The Update Framework (TUF), heavily influenced by python-tuf's design. Provides metadata, TrustedMetadata, and Updater packages implementing the TUF clien...
TUF Rust Implementation
A Rust implementation of The Update Framework (TUF) specification providing a strongly-typed API for working with TUF metadata, verifying signatures, and implementing the TUF cl...
TUF JavaScript Implementation
A JavaScript/TypeScript implementation of The Update Framework (TUF) for use in Node.js environments and browser-based update systems. Enables TUF-compliant software update veri...
TUF on CI
A TUF repository management and signing tool designed for use in CI/CD pipelines. Enables teams to maintain a TUF repository using GitHub Actions and other CI systems for automa...
TUF Conformance Test Suite
The official TUF client conformance test suite for verifying that TUF client implementations correctly implement the TUF specification, including proper handling of all attack v...
Pricing Plans
Tuf Plans Pricing
3 plans
PLANS
Rate Limits
Tuf Rate Limits
5 limits
RATE LIMITS
FinOps
Tuf Finops
FINOPS
Semantic Vocabularies
Tuf Context
0 classes · 12 properties
JSON-LD
JSON Structure
Tuf Root Metadata Structure
0 properties
JSON STRUCTURE
Tuf Targets Metadata Structure
0 properties
JSON STRUCTURE
Example Payloads
Tuf Python Client Usage Example
4 fields
EXAMPLE
Tuf Root Metadata Example
3 fields
EXAMPLE
Tuf Targets Metadata Example
3 fields
EXAMPLE
Resources
Website<br>Website
Documentation<br>Documentation
GettingStarted<br>GettingStarted
GitHubOrganization<br>GitHubOrganization
GitHubRepository<br>GitHubRepository
Specification<br>Specification
Blog<br>Blog
CNCF<br>CNCF
Community<br>Community
JSONLD<br>JSONLD
JSONSchema<br>JSONSchema
JSONSchema<br>JSONSchema
JSONSchema<br>JSONSchema
JSONSchema<br>JSONSchema
Vocabulary<br>Vocabulary
Sources
apis.yml
YAML<br>JSON<br>Download<br>Raw ↑<br>Copy
aid: tuf<br>name: The Update Framework (TUF)<br>description: TUF (The Update Framework) is a CNCF graduated framework for securing software update systems. It provides a<br>specification for how software repositories should be structured and how clients should verify updates to protect against<br>key compromise, rollback attacks, and mix-and-match attacks. TUF is used by many package managers and update systems including<br>PyPI, Sigstore, and various Linux distributions. The framework defines a four-role metadata structure (root, targets, snapshot,<br>timestamp) with threshold signing and delegation capabilities for scalable trust management.<br>url: https://theupdateframework.io<br>image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg<br>tags:<br>- CNCF<br>- Cloud Native<br>- Graduated<br>- Security<br>- Software Supply Chain<br>- Software Updates<br>- Verification<br>created: '2026-03-16'<br>modified: '2026-05-03'<br>specificationVersion: '0.19'<br>type: Index<br>apis:<br>- aid: tuf:tuf-spec<br>name: TUF Repository Specification<br>description: The TUF specification defines the structure of update repositories including the root, targets, snapshot, and<br>timestamp metadata files. Each metadata file has a defined schema with signatures, expiration dates, and delegation rules.<br>Clients follow a defined verification workflow to securely resolve and download updates while protecting against various<br>attack vectors including key compromise, rollback attacks, freeze attacks, and mix-and-match attacks. The specification<br>is version 1.0.31.<br>humanURL: https://theupdateframework.github.io/specification/latest/<br>properties:<br>- type: Documentation<br>url: https://theupdateframework.github.io/specification/latest/<br>- type: GitHubRepository<br>url: https://github.com/theupdateframework/specification<br>- type: JSONSchema<br>url:...