Secure Release Processes with in-toto Policy Verification

Ensuring that software releases adhere to expected processes is crucial for both open-source projects and enterprise software. The in-toto project addresses this by creating an attestation for each step of the process, providing verifiable evidence of compliance. Over the past five months, community contributors have worked to enhance the definition and capabilities of in-toto layouts so that they can enforce policies over these attestations. This presentation will showcase the results of that effort, demonstrating how to create flexible policies for any software development lifecycle (SDLC) process, from source code commit to production release. We will explore how to formulate policies that verify attestations for code reviews, SBOM integrity, testing, vulnerability scans, build provenance (such as SLSA), and more. Join us to learn how to ensure your software development process is compliant and secure.

John Kjell

Director of Open Source at TestifySec

Minneapolis, Minnesota, United States
