Software supply chain attacks have emerged as a point of concern in the wake of the SolarWinds and Codecov security incidents. Google is proposing a framework to ensure the integrity of software packages and prevent unauthorized modifications. The “Supply chain Levels for Software Artifacts” (SLSA) framework aims to secure the software development and deployment pipeline. Google said SLSA is inspired by the company’s own internal enforcement mechanism, Binary Authorization for Borg, a set of auditing tools that verifies code provenance and implements code identity.
Source: https://thehackernews.com/2021/06/google-releases-new-framework-to.html

