As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecovsecurity incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called “Supply chain Levels for Software Artifacts” (SLSA, and pronounced “salsa”), the end-to-end framework aims to secure the software development and