Since the Log4j vulnerability was discovered at the end of last year, the security of the software supply chain has been a very important issue for many enterprises and government organizations. Previously, Google has open sourced a framework called SLSA (Supply chain Levels for Software Artifacts) for the security of the software supply chain. This is a new end-to-end framework. Google hopes to promote the implementation of standards and guidelines through SLSA. Ensuring the entire software supply chain…

#Google #Open #Sources #GUAC #Project #Protect #Software #Supply #Chains