Your trusted source for open source software packages
Improve the security of your software supply chain by incorporating the same trusted open source software (OSS) packages that Google secures and uses into your own developer workflows.
Obtain your OSS packages from a trusted and known supplier
Know more about your ingredients from Assured SBOMs, provided in industry standard formats
Reduce risk and benefit from Google actively finding and fixing vulnerabilities in packages
Increase confidence in the integrity of the packages through signed, tamper-evident provenance
Choose from 1000+ curated Java/Python packages including ML/AI projects like TensorFlow
Video (20:14): Managing the risks of open source dependencies in your software supply chain
Build trust in critical dependencies
SLSA-2 compliant builds
Packages are built with Cloud Build, including evidence of verifiable SLSA compliance. We provide three levels of package assurance: level 1, built and signed by Google; level 2, securely built from vetted sources and attested to all transitive dependencies; and level 3, including transitive closure of all dependencies and continuously scanned and fuzzed.
Fuzzing and vulnerability testing
Packages include OSV data and are regularly scanned, analyzed, and fuzz-tested for vulnerabilities.
Verifiable integrity and provenance
Packages and metadata include end-to-end provenance of how the packages were built and tested
Signed versions of the packages and their metadata are distributed from a Google-managed, secured, and protected Artifact Registry
Ongoing portfolio expansion
New packages are added on an ongoing basis based on the open source projects that impact our customers.
Assured Open Source Software Guides: Get a quick intro to using Assured OSS packages and learn how to complete specific tasks.
Software Delivery Shield: Enhance software supply chain security across the entire SDLC (from development, supply, and CI/CD to runtimes) with our fully managed, end-to-end solution.
Protect your software supply chain: Learn best practices that help protect your software across processes and systems in your software supply chain.
Shifting left on security: securing software supply chains. Understand the processes, tools, practices, and techniques that increase confidence in the SDLC by mitigating security-risk concerns.