Supply Chain Integrity

We are helping people understand and make decisions on the provenance of the code they maintain, produce and use. We have great projects likeĀ GUAC,Ā SLSAĀ andĀ gittufĀ that you can work with.

Objective

The objective of the Supply Chain Integrity Working Group (WG) is to provide a global community for collaborating to help individuals and organizations assess and improve the security of end-to-end supply chains for open source software.

Motivation

Supply chain issues and attacks cause significant damage worldwide including lost revenue, costs of ransomware payments, costs of mitigation, denial of access to resources, reduced customer trust, and public deception. As a matter of public trust, governments are beginning to mandate actions aimed at improving the security and integrity of supply chains.

GitHub

Slack

Mailing List

Meeting Registration