As an lively member of the open supply software program (OSS) group, Google acknowledges the rising menace of software program provide chain assaults towards OSS we use and develop. Constructing on our efforts to enhance OSS safety with an end-to-end framework (SLSA), metrics (Scorecards), and coordinated vulnerability disclosure (information), we’re excited to announce Allstar. Allstar is a GitHub app that constantly enforces safety coverage settings by selectable automated enforcement actions. Allstar is already submitting and shutting safety points for Envoy and GoogleContainerTools, with extra organizations and repositories lined up. See the OpenSSF announcement for extra data on Allstar.