Dip into SLSA with OpenSSF
May 02, 2023
San Francisco, California. The Open Source Security Foundation (OpenSSF) has published ratification 1.0 of Supply-chain Levels for Software Artifacts (SLSA). The OpenSSF SLSA solution delivers specifications for software supply chain security. The specifications are designed utilizing the expertise of community members.
The platform leverages ascending levels with each level continually to increase security. The levels are designed to ensure the legitimacy of authentic software tracing back to the source.
"The OpenSSF is working hard to put more rigor into the software development process," said Brian Behlendorf, General Manager of the OpenSSF. "The stable release of SLSA v1.0 is an important milestone in improving software supply chain security and providing organizations with the tools they need to protect their software."
- Common terminology about software supply chain security
- Test upstream dependencies (source code, builds, and container images)
- Actionable checklist improving user’s software's security
- Simplify compliance with forthcoming Executive Order standards in the Secure Software Development Framework (SSDF)
For more information, visit openssf.org.
To utilize SLSA, visit slsa.dev/.