Stay organized with collections Save and categorize content based on your preferences.
Jump to

Assured Open Source Software Preview

Improve the security of your software supply chain by incorporating the same trusted open source software (OSS) packages that Google uses into your own developer workflows.

  • Benefit from Google’s OSS code testing and vulnerability management processes

  • Increase confidence in OSS code provenance

  • Obtain your OSS packages from a trusted source

  • Leverage the assured SBOM that accompanies each package

  • Choose from more than 250 curated Java and Python packages

Assured Open Source Software


Improve security

Leverage Google’s end-to-end capabilities and expertise in securing open source software.

Increase efficiency

Reduce the need for your DevOps teams to develop and operate OSS security workflows.

Strengthen trust

Gain confidence surrounding your use of OSS to support your business.

Key features

Key features

Code scanning and vulnerability testing

Packages are built in Google’s own secured pipelines and are regularly scanned, analyzed, and fuzz tested for vulnerabilities.

Enriched metadata

Packages have corresponding enriched metadata incorporating Container/Artifact Analysis data.

SLSA-compliant builds

Packages are built with Cloud Build including evidence of verifiable SLSA-compliance.

Verified provenance and automatic SBOMs

Curated packages are accompanied by automatically generated SBOMs and all packages are verifiably signed by Google.

Secured distribution

Packages are distributed from an Artifact Registry secured and protected by Google.

What's new



Assured Open Source Software Guides

Get a quick intro to using Assured OSS packages and learn how to complete specific tasks.

Google Cloud Basics
Software Delivery Shield

Enhance software supply chain security across the entire SDLC—from development, supply, and CI/CD to runtimes—with our fully managed, end-to-end solution.

Google Cloud Basics
Protect your software supply chain

Learn best practices that help protect your software across processes and systems in your software supply chain.

Google Cloud Basics
Shifting left on security: securing software supply chains

Understand the processes, tools, practices, and techniques that increase confidence in the SDLC by mitigating security-risk concerns.



Contact your account team for pricing information.