Google OSS Rebuild announced
Briefly

Google's OSS Rebuild initiative aims to bolster trust and transparency in open source package ecosystems by offering tools that facilitate reproducible builds, independent verification, and provenance generation. The initiative automates the creation of build definitions for Python, JavaScript, and Rust packages while ensuring compliance with SLSA Build Level 3 requirements. The infrastructure also lets organizations run their own instances for building and signing packages. With open source software comprising 77% of modern applications and supply chain attacks on the rise, such innovations are needed to restore confidence among consumers and contributors alike.
OSS Rebuild automates the creation of declarative build definitions for existing software packages, enhancing security through independent verification and provenance generation aligned with SLSA Build Level 3 requirements.
With OSS Rebuild, organizations can effortlessly build, generate, sign, and distribute provenance for open source packages, strengthening transparency and trust in software supply chains.
Read at App Developer Magazine