SLSA

This article introduces the installation, usage, and verification methods of the GaraSign code signing tool, helping developers achieve secure code signing.

This article introduces the concept and importance of code signing, along with a comparison of two common code signing tools, emphasizing its role in software supply chain security.

This article introduces how to implement software supply chain security using SLSA and Witness for both GitHub and non-GitHub projects, enhancing the security of software development and deployment processes.

This article introduces the concept and working mechanism of Witness, and how to use Witness to generate and verify the provenance of software artifacts, emphasizing its importance in improving software supply chain security.

This article introduces the definition of SBOM, its relationship and differences with SLSA and Black Duck, best practices, and available generation tools, helping readers better understand and apply SBOM.

This article introduces the concept, purpose, and levels of the SLSA framework, and how to apply SLSA in the software supply chain to improve security. It helps readers understand the importance of SLSA in software development and deployment.