Assured OSS

Your trusted source,
for open source software packages

Improve the security of your software supply chain by incorporating the same trusted open source software (OSS) packages that Google secures and uses into your own developer workflows.

Video | 20:14
Managing the risks of open source dependencies in your software supply chain

Build trust in critical dependencies

Take control of your dependencies

Packages are built with Cloud Build, including evidence of verifiable SLSA-compliance. We provide three levels of package assurance: level 1, built and signed by Google, level 2, securely built from vetted sources, and attested to all transitive dependencies, and level 3, including transitive closure of all dependencies and continuously scanned and fuzzed.
SBOMs for each package come with enriched metadata including Cloud Build, Container Analysis, package health, and vulnerability impact data, provided in SPDX and VEX formats.
Packages include OSV data and are regularly scanned, analyzed, and fuzz-tested for vulnerabilities.
Packages and metadata include end-to-end provenance of how the packages were built and tested
Signed versions of the packages and their metadata are distributed from a Google-managed, secured, and protected Artifact Registry
New packages are added on an ongoing basis based on the open source projects that impact our customers.

Learn more

Assured Open Source Software Guides

Get a quick intro to using Assured OSS packages and learn how to complete specific tasks.

Software Delivery Shield

Enhance software supply chain security across the entire SDLC—from development, supply, and CI/CD to runtimes—with our fully managed, end-to-end solution.

Protect your software supply chain

Learn best practices that help protect your software across processes and systems in your software supply chain.

Shifting left on security: securing software supply chains

Understand the processes, tools, practices, and techniques that increase confidence in the SDLC by mitigating security-risk concerns.
Need help with anything else? Get in touch with us