The ActiveState Approach to Supply chain Levels for Software Artifacts (SLSA)
It’s this force multiplier – a single cyberattack on a major ISV that can compromise tens of thousands of end user companies – that caused President Biden to issue an executive order. In response, Google launched an initiative that has since become an industry-wide collaboration: Supply chain Levels for Software Artifacts (SLSA), a security framework designed to:
- Prevent tampering within the software development process
- Improve the integrity of built artifacts
- Ensure the security of open source packages
- Secure the infrastructure your projects rely on
ActiveState is committed to helping developers ensure the security and integrity of the open source language packages they use in their software development processes. With our ActiveState Platform, we’re delivering all the controls required to generate SLSA Level 4 artifacts for the open source language runtime environments your projects rely on.
This paper introduces each SLSA criterion and details how ActiveState can help you meet all requirements up to and including the highest level of security and integrity: SLSA Level 4.