ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

SLSA-EDI

Google framework grading software supply-chain security.

Definition

SLSA v1.0 (2023) defines 4 Build Track levels: L0 (no protection), L1 (provenance documented), L2 (hosted build platform), L3 (hardened builds). Source Track: source code protection. Dependencies Track: dependency security. For an EDI vendor: aim L3 on build (Sigstore-signed provenance) and L2 on dependencies (SBOM + regular scans).

Origin

Created by Google in 2021, transferred to Open Source Security Foundation (OpenSSF) in 2022.

Example in context

An AS2 container image with SLSA L3 attestation (built on GitHub Actions, signed by Sigstore).

  • SBOM — related dependency inventory.

Last updated: May 14, 2026