Jun 17, 2024 · Google has proposed the Supply chain Levels for Software Artifacts (SLSA – pronounced ‘salsa’) to tackle growing supply chain integrity attacks. While these attacks are not new for the industry, …

Nov 3, 2024 · In June 2024, Google’s Open Source Security Team made a blog post proposing a solution to this well documented problem, and outlined a framework that specifies levels of maturity for the software development lifecycle as it pertains to security in supply chain attacks. Supply chain Levels for Software Artifacts, or SLSA (pronounced …
Google Distroless Images Achieve SLSA Level 2 - infoq.com
Feb 7, 2024 · In the Day 2 keynotes, Brandon Lum from Google shared the work his team and the SIG Security team are doing for software supply chain security. Brandon covered supply chain security from a producer and consumer perspective. He first introduced the projects and tools that establish trust and produce software supply chain artifacts. Next, …
Assured Open Source Software Google Cloud Assured OSS Google …
SLSA-2 compliant builds. Packages are built with Cloud Build, including evidence of verifiable SLSA-compliance. We provide three levels of package assurance: level 1, built …

Apr 4, 2024 · Against this backdrop, Google proposed Supply-Chain Levels for Software Artifacts (SLSA, pronounced “salsa”) in June. Inspired by the vendor’s internal “Binary Authorization for Borg” process, which has been mandatory for production workloads at Google for decades, SLSA is a framework for ensuring the integrity of software ...

Apr 10, 2024 · EP116 SBOMs: A Step Towards a More Secure Software Supply Chain. Guest: Isaac Hepworth, PM focused on Software Supply Chain Security @ Google. Cooked questions: Why is everyone talking about SBOMs all of a sudden?