Stay organized with collections Save and categorize content based on your preferences.
Jump to
Assured OSS

Assured Open Source Software Preview

Improve the security of your software supply chain by incorporating the same trusted open source software (OSS) packages that Google uses into your own developer workflows.

Get started Get started

  • Benefit from Google’s OSS code testing and vulnerability management processes

  • Increase confidence in OSS code provenance

  • Obtain your OSS packages from a trusted source

  • Leverage the assured SBOM that accompanies each package

  • Choose from more than 250 curated Java and Python packages
Assured Open Source Software

Benefits

Improve security

Leverage Google’s end-to-end capabilities and expertise in securing open source software.

Increase efficiency

Reduce the need for your DevOps teams to develop and operate OSS security workflows.

Strengthen trust

Gain confidence surrounding your use of OSS to support your business.

Key features

Key features

Code scanning and vulnerability testing

Packages are built in Google’s own secured pipelines and are regularly scanned, analyzed, and fuzz tested for vulnerabilities.

Enriched metadata

Packages have corresponding enriched metadata incorporating Container/Artifact Analysis data.

SLSA-compliant builds

Packages are built with Cloud Build including evidence of verifiable SLSA-compliance.

Verified provenance and automatic SBOMs

Curated packages are accompanied by automatically generated SBOMs and all packages are verifiably signed by Google.

Secured distribution

Packages are distributed from an Artifact Registry secured and protected by Google.

Managing the risks of open source dependencies in your software supply chain

VIDEO

Managing the risks of open source dependencies in your software supply chain

20:14

What's new

Recommended reading

Introducing Google Cloud’s new Assured Open Source Software service

Blog post

Introducing Google Cloud’s new Assured Open Source Software service Learn more

Know, prevent, fix: shifting the discussion around vulnerabilities in OSS

Blog post

Know, prevent, fix: shifting the discussion around vulnerabilities in OSS Learn more

Managing the risks of open source dependencies in your software supply chain

Blog post

Managing the risks of open source dependencies in your software supply chain Learn more

Documentation

Documentation

Quickstart
Assured Open Source Software Guides

Get a quick intro to using Assured OSS packages and learn how to complete specific tasks.

Learn more
Google Cloud Basics
Software Delivery Shield

Enhance software supply chain security across the entire SDLC—from development, supply, and CI/CD to runtimes—with our fully managed, end-to-end solution.

Learn more
Google Cloud Basics
Protect your software supply chain

Learn best practices that help protect your software across processes and systems in your software supply chain.

Learn more
Google Cloud Basics
Shifting left on security: securing software supply chains

Understand the processes, tools, practices, and techniques that increase confidence in the SDLC by mitigating security-risk concerns.

Learn more
Not seeing what you’re looking for?
View all product documentation

Pricing

Pricing

Contact your account team for pricing information.

This product is in preview. Learn more about product launch stages.

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Get started for free

Take the next step

Start your next project, explore interactive tutorials, and manage your account.

Get started