SLSA – Open Source Security Foundation

SLSA is a set of incrementally adoptable guidelines for supply chain security, established by industry consensus. The specification set by SLSA is useful for both software producers and consumers: producers can follow SLSA’s guidelines to make their software supply chain more secure, and consumers can use SLSA to make decisions about whether to trust a software package.
SLSA offers:

A common vocabulary to talk about software supply chain security
A way to secure your incoming supply chain by evaluating the trustworthiness of the artifacts you consume
An actionable checklist to improve your own software’s security
A way to measure your efforts toward compliance with forthcoming Executive Order standards in the Secure Software Development Framework (SSDF)

GitHub

Website

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox