Assured Open Source Software Preview
Improve the security of your software supply chain by incorporating the same trusted open source software (OSS) packages that Google uses into your own developer workflows.
-
Benefit from Google’s OSS code testing and vulnerability management processes
-
Increase confidence in OSS code provenance
-
Obtain your OSS packages from a trusted source
-
Leverage the assured SBOM that accompanies each package
-
Choose from more than 250 curated Java and Python packages
Benefits
Improve security
Leverage Google’s end-to-end capabilities and expertise in securing open source software.
Increase efficiency
Reduce the need for your DevOps teams to develop and operate OSS security workflows.
Strengthen trust
Gain confidence surrounding your use of OSS to support your business.
Key features
Key features
Code scanning and vulnerability testing
Packages are built in Google’s own secured pipelines and are regularly scanned, analyzed, and fuzz tested for vulnerabilities.
Enriched metadata
Packages have corresponding enriched metadata incorporating Container/Artifact Analysis data.
SLSA-compliant builds
Packages are built with Cloud Build including evidence of verifiable SLSA-compliance.
Verified provenance and automatic SBOMs
Curated packages are accompanied by automatically generated SBOMs and all packages are verifiably signed by Google.
Secured distribution
Packages are distributed from an Artifact Registry secured and protected by Google.
What's new
Recommended reading
Documentation
Documentation
Assured Open Source Software Guides
Get a quick intro to using Assured OSS packages and learn how to complete specific tasks.
Software Delivery Shield
Enhance software supply chain security across the entire SDLC—from development, supply, and CI/CD to runtimes—with our fully managed, end-to-end solution.
Protect your software supply chain
Learn best practices that help protect your software across processes and systems in your software supply chain.
Shifting left on security: securing software supply chains
Understand the processes, tools, practices, and techniques that increase confidence in the SDLC by mitigating security-risk concerns.
Pricing
Pricing
Contact your account team for pricing information.
This product is in preview. Learn more about product launch stages.