Google Intros SLSA Framework to Enforce Supply Chain Integrity



The U.S. tech giant this week unveiled SLSA (Supply chain Levels for Software Artifacts), a new end-to-end framework the company hopes will drive the enforcement of standards and guidelines to ensure the integrity of software artifacts throughout the software supply chain.

The framework, released as part of the OpenSSF Foundation, is essentially a set of security guidelines being established by industry consensus, but the long-term play is for SLSA to support the automatic creation of auditable metadata that can be fed into policy engines to give “SLSA certification” to a particular package or build platform.
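One shape such a policy check can take, as an added illustration that is not Google's or OpenSSF's code: a constructed in-toto-style provenance statement for one artifact, and a small verifier that decides whether the artifact it describes satisfies a policy. The builder id, repository and artifact bytes are placeholder values, and the statement is assumed to have already had its signature verified.

```python
import hashlib
import json

# Constructed example of an in-toto attestation carrying SLSA-style
# provenance. Field names follow the SLSA provenance predicate (subject,
# predicate.builder.id, predicate.materials); the builder URL, repository
# and artifact bytes are placeholders for this illustration.
ARTIFACT = b"hello from a hypothetical build\n"
PROVENANCE = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "subject": [{"name": "app.tar.gz",
                 "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}],
    "predicateType": "https://slsa.dev/provenance/v0.1",
    "predicate": {
        "builder": {"id": "https://builder.example/trusted-ci@v1"},
        "materials": [{"uri": "git+https://github.com/example/app"}],
    },
}

# Policy a verifier applies before admitting the artifact (constructed).
POLICY = {
    "trusted_builders": {"https://builder.example/trusted-ci@v1"},
    "expected_source": "git+https://github.com/example/app",
}


def check_provenance(artifact: bytes, statement: dict, policy: dict) -> list:
    """Return the list of policy violations; an empty list means 'admit'.
    Assumes the statement's signature (e.g. its DSSE envelope) was already
    verified, so the metadata itself can be trusted as auditable evidence."""
    problems = []
    # 1. The artifact in hand must be one the provenance actually describes.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if digest not in subjects:
        problems.append("artifact digest not listed in provenance subject")
    pred = statement.get("predicate", {})
    # 2. Only builds from a builder the policy trusts count toward certification.
    if pred.get("builder", {}).get("id") not in policy["trusted_builders"]:
        problems.append("untrusted builder")
    # 3. The build must have consumed the expected source repository.
    uris = {m.get("uri") for m in pred.get("materials", [])}
    if policy["expected_source"] not in uris:
        problems.append("expected source repository not among materials")
    return problems


if __name__ == "__main__":
    print(json.dumps(check_provenance(ARTIFACT, PROVENANCE, POLICY)))
```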
