Awareness of software supply chain risks is increasing with the rise of vulnerabilities like Log4j and Spring4Shell. Cyberattacks targeting open source suppliers have increased by 650% year-over-year. The White House Executive Order 14028 on Improving the Nation’s Cybersecurity has led to new requirements and standards worldwide for enhancing software security. Google is actively involved in securing open source software through initiatives like OpenSSF, the OSV database, and OSS-Fuzz. Google is introducing Assured Open Source Software to help organizations strengthen their OSS supply chain. Google Cloud and Snyk are collaborating to reduce risk by integrating Assured OSS into Snyk solutions. Assured OSS will include verified packages and enriched metadata, and will enter Preview in Q3 2022.
https://cloud.google.com/blog/products/identity-security/introducing-assured-open-source-software-service