Google has launched OSS Rebuild to enhance trust in open source software by automating the reproduction of package builds and generating SLSA Provenance. This initiative aims to improve security against supply chain attacks while minimizing the burden on package maintainers. By providing tools for build verification and observability, OSS Rebuild seeks to empower security teams and improve the integrity of open source software ecosystems.

OSS Rebuild is a new initiative aimed at enhancing trust in open source package ecosystems by enabling the reproduction of upstream artifacts. This project automates the creation of build definitions for popular package registries, providing security teams with valuable data to mitigate supply chain attacks while minimizing the burden on package maintainers. It seeks to improve transparency and security across various open source ecosystems, starting with support for PyPI, npm, and Crates.io.