Skip to main content
Background Image

SLSA

Code Signing — GaraSign
·869 words·2 mins
This article introduces the installation, usage, and verification methods of the GaraSign code signing tool, helping developers achieve secure code signing.
Code Signing
·701 words·2 mins
This article introduces the concept and importance of code signing, along with a comparison of two common code signing tools, emphasizing its role in software supply chain security.
How to adopt Supply Chain Security for GitHub and Non-GitHub projects
·441 words·3 mins
This article introduces how to implement software supply chain security using SLSA and Witness for both GitHub and non-GitHub projects, enhancing the security of software development and deployment processes.
Witness and SLSA 💃
·954 words·2 mins
This article introduces the concept and working mechanism of Witness, and how to use Witness to generate and verify the provenance of software artifacts, emphasizing its importance in improving software supply chain security.
Understanding SBOM - Definition, Relationships, Differences, Best Practices, and Generation Tools
·1254 words·6 mins
This article introduces the definition of SBOM, its relationship and differences with SLSA and Black Duck, best practices, and available generation tools, helping readers better understand and apply SBOM.
The SLSA Framework and Software Supply Chain Security Protection
·1334 words·3 mins
This article introduces the concept, purpose, and levels of the SLSA framework, and how to apply SLSA in the software supply chain to improve security. It helps readers understand the importance of SLSA in software development and deployment.