Implementing End-to-End Software Supply Chain Security with SLSA

When you make changes in your development workflows or technologies, your security practices must also adjust. The move to containers is no different.

In 2020 and 2021, software supply chain security entered the news headlines with alarming frequency. The SolarWinds, Codecov, and Kaseya attacks raised awareness of the risks posed by supply chain attack vectors, and as a result, cybersecurity experts at every level began seeking solutions.
President Biden’s May 2021 executive order, “Improving the Nation’s Cybersecurity,” called further attention to the issue, pointing towards new measures in the regulatory framework for federal contractors (most notably, the inclusion of Software Bills of Materials, or SBOMs). Industry has responded with a flurry of activity. One effort that has gained particular attention is the Supply-chain Levels for Software Artifacts (SLSA) framework.

This white paper is based on our experience helping organizations enhance their software supply chains and harden them against internal and external threats.