GitHub: How Code Provenance Can Prevent Supply Chain Attacks

Through artifact attestation and the SLSA framework, GitHub's Jennifer Schelkopf argues that at least some supply chain attacks can be stopped in their tracks.