slsa
Safeguard articles tagged "slsa" — guides, analysis, and best practices for software supply chain and application security.
77 articles
Reproducible Builds: The Gold Standard for Supply Chain Integrity
If you can't rebuild a binary from source and get the same result, you can't verify that the binary matches the source. Reproducible builds close this fundamental trust gap.
Zero Trust Architecture for the Software Supply Chain
Zero trust isn't just for networks. Applying zero trust principles to your software supply chain fundamentally changes how you manage dependency risk.
Software Provenance Tracking: From Source to Production
Software provenance answers the question: where did this code come from, who built it, and can I trust it? In 2022, provenance tracking moved from academic concept to practical necessity.
A First-Principles Guide to Artifact Signing in 2022
Artifact signing is having a moment, but most teams skip the fundamentals. Here is the first-principles case for why you sign, what you sign, and who verifies.
SLSA Framework Introduction: Securing Supply Chain Integrity
Google's SLSA framework provides a graduated model for supply chain integrity, from basic provenance to fully verified builds. Here's how it works and why it matters.