2022年6月15日 · We suggest Supply-chain Levels for Software Artifacts (SLSA, pronounced “salsa”) as an on-ramp for successful SSDF adoption. SLSA is a framework for supply chain …

Google SLSA & NIST SSDF: Emerging Software Supply Chain Security Best Practices “Improving the Nation’s Cybersecurity (14028)” issued on May 12, 2021

Secure your software supply chain with Chainguard's guide to NIST SSDF and SLSA implementation. Learn how to protect your software from vulnerabilities.

Scribe 是第一个专注于 SSDF 内 PS（保护软件）实践组的解决方案 . Scribe 根据著名的 CIS 软件供应链安全基准，结合 SLSA 的一些要素，进行基于规则的评估，以确定源代码的保护级别。 …

2024年9月18日 · Require contractors to develop and maintain a software bill of materials (SBOM) for any software used in the performance of the contract regardless of whether there is any …

2022年9月7日 · nist 创建了所谓的安全软件开发框架(ssdf)，它描述了一组基于已建立的标准、指导和安全软件开发实践文档的高级实践。 或者简单地说，SSDF是一套成熟的SDLC标准模型。

2023年4月19日 · SLSA provides a framework to prevent source code and build system tampering. The specification set by SLSA is useful for both software producers and consumers: producers …

SLSA is a set of incrementally adoptable guidelines for supply chain security, established by industry consensus. The specification set by SLSA is useful for both software producers and …

2023年12月24日 · 2023年4月19日开源安全基金会（ Open Source Security Foundation，OpenSSF）宣布发布 软件 工件供应链级别（Supply-chain Levels for Software …

Supply-chain Levels for Software Artifacts, or SLSA (“salsa”), is a set of incrementally adoptable guidelines for supply chain security, established by industry consensus.