Supply-chain Levels for Software Artifacts
SLSA is a set of incrementally adoptable guidelines for supply chain security, established by industry consensus. The specification set by SLSA is useful for both software producers and consumers: producers can follow SLSA’s guidelines to make their software supply chain more secure, and consumers can use SLSA to make decisions about whether to trust a software package.
SLSA offers:
  • A common vocabulary to talk about software supply chain security
  • A way to secure your incoming supply chain by evaluating the trustworthiness of the artifacts you consume
  • An actionable checklist to improve your own software’s security
  • A way to measure your efforts toward compliance with forthcoming Executive Order standards in the Secure Software Development Framework (SSDF)