SLSA Framework

[Kim Lewandowski]

Hi All,

We've been working on a proposal for supply chain integrity called the SLSA Framework (pronounced salsa) inspired by what we do internally at Google. The repo is here: https://github.com/slsa-framework/slsa. The objective of this document is to reach industry agreement on the framework for software supply chain security starting with industry consensus on a few principles and definitions.

Take a look and let me know what you think. I'll be covering this in more detail in an upcoming wg meeting.

--

Kim Lewandowski | Product Manager, Google Cloud Platform | klewan...@google.com