A Crash Course in Software Supply Chain Security

Software supply chain security is an enormous problem: it covers everything from build systems to the code in open-source dependencies to package managers to social relationships between developers. Unfortunately, we know about hundreds of supply chain compromises, and there are likely just as many that were never discovered or reported.…

SLSA vs. Software Supply Chain Attacks

Past Attacks and How SLSA Helps More than a condiment or dance style, SLSA is a framework for strengthening the security of the software supply chain. SLSA, or supply-chain levels for software artifacts, provides an incremental series of defensive measures that prevents tampering and improves the integrity of a software…

Building trust in our software supply chains with SLSA

If you’re worried about software supply chain attacks and unsure of how to tackle the problem or align your team on a roadmap, this series on SLSA is for you. What is SLSA?SLSA or “Supply-chain Levels for Software Artifacts” is a framework for ensuring the integrity of software…