Software Supply Chain Attribute Integrity (SCAI). (arXiv:2210.05813v1 [cs.SE])
cs.CR updates on arXiv.org arxiv.org
The Software Supply Chain Attribute Integrity, or SCAI (pronounced "sky"),
specification proposes a data format for capturing functional attribute and
integrity information about software artifacts and their supply chain. SCAI
data can be associated with executable binaries, statically- or
dynamically-linked libraries, software packages, container images, software
toolchains, and compute environments.
As such, SCAI is intended to be implemented as part of an existing software
supply chain attestation framework by software development tools or services
(e.g., builders, CI/CD pipelines, software analysis …