Скачать или смотреть SLSA: Industry-Driven Guidelines for Software Supply Chain Security | OpenSSF Project Spotlight

SLSA (Supply-chain Levels for Software Artifacts) is a set of incrementally adoptable, industry-defined guidelines designed to help both software producers and consumers improve their supply chain security. By providing a clear, structured approach to securing build systems, provenance, and artifact integrity, SLSA helps organizations better assess trust and reduce supply chain risk.

SLSA provides:
• A common vocabulary for discussing supply chain security
• Guidance for evaluating incoming artifacts and their trustworthiness
• An actionable checklist for improving a project’s own security posture
• A measurable path toward alignment with standards such as the SSDF outlined in U.S. Executive Orders

Whether you’re publishing software or evaluating dependencies, SLSA offers a consistent, transparent framework to strengthen security across the ecosystem.

This video features insights from:
• Tom Hennen, SLSA Steering Committee, Senior Software Engineer at Google