SLSA
라이언의 꿀팁백과
Supply chain Levels for Software Artifacts, or SLSA (salsa).
It’s a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises. It’s how you get from safe enough to being as resilient as possible, at any link in the chain. (Link)
There are four Levels of assurance in SLSA, from Level 1 to Level 4.
Here are the first steps to take to reach SLSA Level 1:
- Automate your builds
- Produce provenance data*
The second task is tightly related to software bill of materials or SBOM (Link).
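As an added example (not code from the page or from the SLSA project), here is a minimal Python producer and consumer-side check for the second task: it emits provenance as an in-toto Statement with a SLSA v0.2 predicate, recording the artifact and the materials that went into it by SHA-256, and then checks that an artifact in hand matches that provenance and came from a trusted builder. The builder ID, build type, repository URI and sample artifact bytes are assumptions constructed for the example.

```python
import hashlib
from datetime import datetime, timezone

# URIs defined by the in-toto attestation and SLSA provenance specifications.
STATEMENT_TYPE = "https://in-toto.io/Statement/v0.1"
PREDICATE_TYPE = "https://slsa.dev/provenance/v0.2"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_provenance(artifact_name, artifact_bytes, builder_id, build_type,
                    materials, finished_on=None):
    """Build an in-toto Statement with a SLSA v0.2 provenance predicate.
    materials: list of (uri, content_bytes) the build consumed; each is
    recorded by URI and SHA-256 so a verifier can see exactly what went in."""
    finished_on = finished_on or datetime.now(timezone.utc).isoformat()
    return {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": artifact_name,
                     "digest": {"sha256": sha256_hex(artifact_bytes)}}],
        "predicateType": PREDICATE_TYPE,
        "predicate": {
            "builder": {"id": builder_id},
            "buildType": build_type,
            "materials": [{"uri": uri, "digest": {"sha256": sha256_hex(b)}}
                          for uri, b in materials],
            "metadata": {"buildFinishedOn": finished_on},
        },
    }

def verify_subject(statement, artifact_name, artifact_bytes, trusted_builder):
    """Consumer-side check: is the artifact we hold the one this provenance
    describes, and does the provenance name a builder we trust?"""
    if statement.get("predicateType") != PREDICATE_TYPE:
        return False, "unexpected predicate type"
    if statement["predicate"]["builder"]["id"] != trusted_builder:
        return False, "provenance not issued by the trusted builder"
    digest = sha256_hex(artifact_bytes)
    for subj in statement.get("subject", []):
        if subj["name"] == artifact_name and subj["digest"].get("sha256") == digest:
            return True, "ok"
    return False, "artifact digest not listed in provenance subjects"

if __name__ == "__main__":
    # Constructed sample build output and source; builder ID and URIs are assumed.
    artifact = b"#!/bin/sh\necho hello\n"
    prov = make_provenance("hello.sh", artifact, "https://ci.example.com/builder",
                           "https://example.com/build-types/shell",
                           [("git+https://example.com/repo@main", b"src")])
    print(verify_subject(prov, "hello.sh", artifact, "https://ci.example.com/builder"))
```

A real Level 1 setup has the build platform emit this document automatically for every build; signing it and verifying the signature is what the higher levels add.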