Supply-chain Levels for Software Artifacts, or SLSA ("salsa"). It’s a security framework, a checklist of standards and controls to prevent tampering, improve integrity, and secure packages and …

2023年6月11日 · Google 的 SLSA 框架（Supply-chain Levels for Software Artifacts 软件制品的供应链级别）是通过识别 CI/CD 流水线中的问题并减小影响，为实现更安全的软件开发和部署 …

2021年6月23日 · 谷歌提出的解决方案是软件开发的供应链级别（Supply chain Levels for Software Artifacts 简称 SLSA，发音为“salsa”），这是一个端到端框架，用于保证整个软件供应链中组件 …

SLSA (pronounced "salsa") is a security framework from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain …

2021年7月9日 · 这套解决方案名为Supply chain Levels for Software Artifacts（软件构件的供应链级别），简称为 SLSA。 这个端到端的框架旨在确保软件开发和部署过程的安全性，专注于缓 …

2022年6月15日 · SLSA defines expectations for isolated ephemeral build environments, trusted builders, repeatable builds, build config as code, and parameterless builds. This enables …

2021年7月27日 · 这套解决方案名为Supply chain Levels for Software Artifacts（软件构件的供应链级别），简称为 SLSA。 这个端到端的框架旨在确保软件开发和部署过程的安全性，专注于缓 …

SLSA is a set of incrementally adoptable guidelines for supply chain security, established by industry consensus. The specification set by SLSA is useful for both software producers and …

The SLSA framework helps organizations measure the level of assurance that the Software Artifacts they produce actually contain and use what they intended (integrity), by ensuring that …

2024年3月5日 · SLSA (Supply-chain Levels for Software Artifacts) is one of the most comprehensive and widely adopted security frameworks for CI/CD pipelines. It provides a …