From securityonline.info
Supply-chain Levels for Software Artifacts (SLSA, pronounced salsa) is an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain. The requirements are inspired by Google’s internal “Binary Authorization for Borg” which has been in use for the past 8+ years and that is mandatory for all of Google’s production workloads.