diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 17f8c157..2efa6d4a 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -1,4 +1,5 @@ Abhishek +adityasaky Administrativia adware aeva @@ -18,6 +19,7 @@ Benzies blogging Brasseur Bressers +Cappos CEOs chainguard Channable @@ -29,11 +31,13 @@ Civs CLA CNCF Coinbase +COPYLEFT Corail CPython crob CSAF curating +curtmola CVD CVEs CVRF @@ -53,6 +57,7 @@ Ferraioli Foxboron frenemy fyi +gittuf Gendreau Gesmer google @@ -133,6 +138,7 @@ repurposable rescope rescoping resourcing +reza Rezilion RFPs rhaning @@ -154,8 +160,10 @@ Shopify Shortlist sif sigstore +Sirish SKF SLSA +SNYK Sonatype sourcing stakeholders @@ -190,7 +198,9 @@ wagoodman WGs Wipro wishlist +wlynch Yehuda +Yelgundhalli Yoav Yotam youtube diff --git a/README.md b/README.md index 50c9033a..b43e744d 100644 --- a/README.md +++ b/README.md 
@@ -68,6 +68,7 @@ Diagrams with an overview of the OpenSSF, including its projects and SIGs, are a | Best Practices Badge | https://github.com/coreinfrastructure/best-practices-badge | [Mailing list](https://lists.coreinfrastructure.org/mailman/listinfo/cii-badges) | Best Practices WG | TBD | | Criticality Score | https://github.com/ossf/criticality_score | [Meeting Notes](https://docs.google.com/document/d/1GFslP6elYCx27TUitdigDr1gsOItYkL0Vq7hTB9y4Lo/edit?usp=sharing) | Securing Critical Projects WG | TBD | | Fuzz Introspector | https://github.com/ossf/fuzz-introspector | [Meeting Notes](https://docs.google.com/document/d/1jzxhzIfkOMTagpeFWYoZpMKwHYeO4Gc7Eq5FcMFEw2c/edit?usp=sharing) | Security Tooling WG | TBD | +| gittuf | https://github.com/gittuf/gittuf | TBD | Supply Chain Integrity WG | Sandbox | | OSV Schema | https://github.com/ossf/osv-schema | [Meeting Notes](https://docs.google.com/document/d/1jzqhW9SK9QRA39fQz0RiAkvpRWB0xztt1TAFJEseTlA/edit?usp=sharing) | Vulnerability Disclosures WG | TBD | | Package Analysis | https://github.com/ossf/package-analysis | [Meeting Notes](https://docs.google.com/document/d/1GFslP6elYCx27TUitdigDr1gsOItYkL0Vq7hTB9y4Lo/edit) | Securing Critical Projects WG | TBD | | Package Feeds | https://github.com/ossf/package-feeds | [Meeting Notes](https://docs.google.com/document/d/1GFslP6elYCx27TUitdigDr1gsOItYkL0Vq7hTB9y4Lo/edit) | Securing Critical Projects WG | TBD | diff --git a/process/project-lifecycle-documents/gittuf_sandbox_stage.md b/process/project-lifecycle-documents/gittuf_sandbox_stage.md new file mode 100644 index 00000000..5d59acd1 --- /dev/null +++ b/process/project-lifecycle-documents/gittuf_sandbox_stage.md 
@@ -0,0 +1,123 @@ +## Application for gittuf at Sandbox stage + +### List of project maintainers + +* Aditya Sirish A Yelgundhalli (New York University, @adityasaky) +* Billy Lynch (Chainguard, @wlynch) +* Justin Cappos (New York University, @JustinCappos) +* Reza Curtmola (New Jersey Institute of Technology, @reza-curtmola) + +### Mission of the project + +Git is the most popular source control management system in the world but it +largely leaves security controls either to the developers or to the hosts +storing a copy of some repository. gittuf's mission is to implement security +controls into Git repositories using existing Git semantics like its support for +cryptographic signatures and its content addressed store. By embedding source +security policies into the repository, gittuf makes policies transparent that +enables _distributed verification_ by all repository users. Further, as gittuf +versions and tracks changes to policies using Git semantics, past repository +states can be _audited_ against the then-applicable policies. + +gittuf aims to embed features like distribution, rotation, and revocation of the +keys trusted for repositories. In addition, gittuf allows repository owners to +define access control policies for Git branches, tags, and files. Also, gittuf +aims to implement support for SLSA's (under development) source security track +by allowing repository owners to define policies for code review attestations, +automated testing attestations, and more. Finally, gittuf presents an extensible +layer that can implement more Git-specific security features in future. 
+ +In summary, gittuf aims to offer the following improvements / properties to +Git's security: +* Key Management: distribute and revoke Git signing keys in the context of + repositories +* Reference State Log: unambiguous, ordered log of repository activity with + authorship verified using cryptographic signatures +* Access Control Policies: create policies that dictate which developers can + write to specific Git branches, tags, and files tracked in the repository + using the reference state log +* Support Attestations: support in-toto and SLSA source track attestations to + enable verifying source code policies like code review requirements, test + results and more +* Distributed and Transparent Verification: enable all developers to verify + without reliance on centralized policy verification +* Auditable Repository Policies: track all versions of policies using the + reference state log so historic repository states can be verified against the + then-applicable policies, making repositories more auditable +* Git-native and Backwards Compatible: compatible with all Git repositories, + including existing repositories, with no hard requirement of specific + Git-ecosystem tools +* Extensible Security Layer: support the addition of security features as new + solutions or desirable Git repository properties emerge + +#### Alignment with the OpenSSF + +The mission of the gittuf project aligns with the +[OpenSSF's Technical Vision](https://openssf.org/about/), especially with: + +> Developers, auditors, and regulators can create and easily distribute security +policies that are enforced through tooling and automation, providing continuous +assurance of the results. 
+ +gittuf also has synergy with the mission of the [OpenSSF Supply Chain Integrity +Working Group](https://github.com/ossf/wg-supply-chain-integrity): + +> scalable standardized attestable practices for supply chain security + +gittuf provides a framework to implement such practices for securing Git +repositories, and is complementary to other efforts under the working group like +SLSA. + +Finally, gittuf meets the sandbox entry requirements. The project has active +maintainers from three organizations, aligns as described above with the OpenSSF +mission, and presents a novel approach to securing Git repositories. In +addition, gittuf has achieved the first level of the OpenSSF Best Practices +badge. + +### IP policy and licensing due diligence + +License due diligence is complete and no conflicts were found. Here are the +findings from the corresponding issue (https://github.com/ossf/tac/issues/199): + +``` +LICENSE INTAKE SCAN & ANALYSIS: OpenSSF: gittuf + + This intake scan is a static analysis of the source code in your repository. A dependency scan was not performed. Once a project is added to LFX, you can use SNYK to view a dependency scan for both licenses and vulnerabilities. + +CODE SCANNED: https://github.com/gittuf [pulled 22–Sept-2023] +3 repos scanned + +PROJECT LICENSE: Apache-2.0 + +SPDX LICENSE IDENTIFIERS: SPDX license identifiers were not found in any source file headers. + + We recommend that SPDX license identifiers be added to ALL source file headers. [see https://spdx.dev/ids for examples] + +PERMISSIVE LICENSES: Apache-2.0 + +COPYLEFT LICENSES: None found + +PROPRIETARY LICENSES: None found + +LICENSE CONFLICTS: None found + +BINARY / PACKAGE FILES: None found + +THIRD PARTY CODE / DEPENDENCIES: None found + +THIRD PARTY NOTICE FILE: None found + +SUMMARY FINDINGS: The code is licensed under the Apache-2.0 license, which is the project license. SPDX license identifiers were not found and should be added to all source file headers. 
No license conflicts found. +``` + +### Project References + +| Reference | URL | +|----------------------------------------|------------------------------------------------------------------------------------------------------| +| Repo | https://github.com/gittuf/gittuf | +| Website | https://gittuf.github.io | +| Contributing guide | https://github.com/gittuf/gittuf/blob/main/CONTRIBUTING.md | +| Roadmap | https://github.com/gittuf/gittuf/blob/main/docs/roadmap.md | +| Demos | https://github.com/gittuf/demo | +| Presentation to the SCI WG | https://docs.google.com/presentation/d/12ivx9LwMe1xgOvazMqXeJpkmK80Z-rhD1_CIy8T2d6I/edit?usp=sharing | +| Video Recording of SCI WG Presentation | https://zoom.us/rec/play/X1-avN0pWIzxWRQLpFSlDcjWVVsrZvdXta_6lK88Gvz2DbBReDYVJgDaDigdHAb0eoBvzhhBYQEaDWpt.CkXNT4amJEseG6q8 |
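Review bot: In the expect.txt hunk around `fyi` / `Gendreau`, the added `gittuf` entry breaks the file's case-insensitive alphabetical order (`Ge…` sorts before `gi…`); move it after `Gesmer` so it sits between `Gesmer` and `google`. The remaining additions (`adityasaky`, `Cappos`, `COPYLEFT`, `curtmola`, `reza`, `Sirish`, `SNYK`, `wlynch`, `Yelgundhalli`) are in order and each corresponds to a token that appears in the new application document, so they are fine as-is.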
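Review bot: In the README.md table row for gittuf, the meeting-notes/contact column is left as `TBD` even though the row already records a stage (`Sandbox`) and the application added in this same change lists a repo, website and contributing guide; link one of those (the contributing guide is the natural choice) instead of `TBD` so readers of the project table have a contact path for the project.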
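Review bot: The mission section of gittuf_sandbox_stage.md states that Git leaves security controls to developers or to the hosts storing a copy of a repository, but never says which of those parties gittuf's verification is meant to be robust against (for instance, whether an untrusted or compromised host is in scope); a one-sentence threat model beside the "Distributed and Transparent Verification" bullet would make the "without reliance on centralized policy verification" claim checkable by reviewers. Smaller points in the same hunk: "gittuf makes policies transparent that enables _distributed verification_" should read "which enables"; "in future" should be "in the future"; both block quotes prefix only their first line with `>`, so prefix the continuation lines as well for consistent rendering; and the licensing section declares due diligence complete while the quoted scan recommends adding SPDX identifiers to all source file headers, so state whether the project intends to act on that recommendation (a tracking issue link would suffice).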