Through artifact attestation and the SLSA framework, GitHub’s Jennifer Schelkopf argues that at least some supply chain attacks can be stopped in their tracks.
First seen on darkreading.com
Jump to article: www.darkreading.com/application-security/github-code-provenance-supply-chain-attacks
