Software supply chain security helps organizations detect, identify, analyze, and mitigate risks associated with the digital artifacts that enter their software via third parties like open source libraries, commercial software vendors, or outsourced development. A comprehensive supply chain security strategy combines risk management and cybersecurity principles to assess supply chain risks and implement measures to block, mitigate, or remediate them.
Google introduced "Supply chain Levels for Software Artifacts" (SLSA), an end-to-end framework to ensure the integrity of software artifacts throughout the software supply chain.As per Google, "The goal of SLSA is to improve the state of the industry, particularly open source, to defend against the most pressing integrity threats."
Read more of this post