Last Updated: August 31, 2022

The ActiveState Approach to Supply chain Levels for Software Artifacts (SLSA)

A single cyberattack on a major ISV can compromise thousands of downstream companies. SLSA, the industry-wide framework, is designed to keep your software development process secure. Learn how you can meet all the SLSA requirements up to and including the highest level: SLSA Level 4.

Open source software’s speed and innovation benefits have made it an essential element of modern software development, despite multiple vectors of attack that can introduce malware into an Independent Software Vendor’s (ISV) organization, which may then be propagated downstream to its customers.

It’s this force multiplier – a single cyberattack on a major ISV that can compromise tens of thousands of end user companies – that caused President Biden to issue an executive order. In response, Google launched an initiative that has since become an industry-wide collaboration: Supply chain Levels for Software Artifacts (SLSA), a security framework designed to:

  • Prevent tampering within the software development process
  • Improve the integrity of built artifacts
  • Ensure the security of open source packages
  • Secure the infrastructure your projects rely on

ActiveState is committed to helping developers ensure the security and integrity of the open source language packages they use in their software development processes. With our ActiveState Platform, we’re delivering all the controls required to generate SLSA Level 4 artifacts for the open source language runtime environments your projects rely on.

This paper introduces each SLSA criterion and details how ActiveState can help you meet all requirements up to and including the highest level of security and integrity: SLSA Level 4.