Supply-chain Levels for Software Artifacts, or SLSA ("salsa").

SLSA is a specification for describing and incrementally improving supply chain security, established by industry consensus. It is organized into a series of levels that describe increasing security guarantees.

It’s a security framework, a checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure. It’s how you get from "safe enough" to being as resilient as possible, at any link in the chain.

• SLSA @ GitHub.
• Securing the software supply chain with the SLSA framework @ Trail of Bits Blog.