Assured Open Source Software is a service that offers secure, trusted open-source packages, utilizing Google's security expertise to improve software supply chain security.

Key Features

• Trusted Source: Obtain OSS packages from a known and trusted supplier.
• SBOMs: Access detailed Software Bills of Materials (SBOMs) in industry-standard formats like SPDX.
• Vulnerability Management: Active scanning and fixing of vulnerabilities in curated packages.
• Provenance: Signed, tamper-evident provenance for package integrity.
• Package Selection: Choose from over 1,000 popular Java and Python packages, including ML/AI projects like TensorFlow.
• Security Testing: Regular scanning, analysis, and fuzz testing for vulnerabilities.
• SLSA Compliance: Packages meet Supply-chain Levels for Software Artifacts (SLSA) level 3 requirements.

Benefits

• Enhanced Security: Reduces risk by actively finding and fixing vulnerabilities.
• Streamlined Compliance: Helps organizations meet new regulatory requirements for software supply chain security.
• Efficiency: Reduces the need for DevOps teams to create and activate OSS security workflows.
• Cost Savings: Available for free, reducing costs associated with proprietary software or extensive security testing.