SLSA vs. Software Supply Chain Attacks

Past Attacks and How SLSA Helps
More than a condiment or dance style, SLSA is a framework for strengthening the security of the software supply chain. SLSA, or Supply-chain Levels for Software Artifacts, provides an incremental series of defensive measures that prevents tampering and improves the integrity of a software…

Building trust in our software supply chains with SLSA

If you’re worried about software supply chain attacks and unsure of how to tackle the problem or align your team on a roadmap, this series on SLSA is for you.
What is SLSA?
SLSA or “Supply-chain Levels for Software Artifacts” is a framework for ensuring the integrity of software…

Automatic SBOMs with ko

For those unfamiliar with ko, it “is a simple, fast container image builder for Go applications;” its objective is to enable developers to stop worrying about containers, and focus on their application. The philosophy of ko aligns with our mission at Chainguard: to make the software supply chain secure by…

Kubernetes Meets SLSA

Kubernetes 1.23 was just released and is full of security improvements. The most exciting improvement to us is the release engineering work to bring the Kubernetes build process up to SLSA1 for hardened supply chain integrity!…