Software supply chain attacks are increasing, thereby heightening the necessity for transparent, evidence-based trust in software. Such attacks can occur at any point in a software supply chain, and a significant number of software producers struggle to secure and establish trust in their software...