AdaCore Achieves SLSA Build Level 3 Certification to Strengthen Software Supply Chain Security
Key Takeaways
- AdaCore has achieved SLSA Build Level 3 certification, demonstrating advanced software supply chain security practices with hardened, isolated builds and comprehensive artifact attestation
- The company maintains CMMC Level 2 conformance across its entire organization and has implemented NIST 800-171 controls for protecting sensitive government information
- AdaCore now provides signed SBOMs and provenance files to improve transparency and enable customers to verify the integrity and origin of software artifacts
Summary
AdaCore, a provider of software development tools for safety-critical and security-critical systems, has announced significant progress in its software supply chain security initiatives, achieving SLSA (Supply Chain Levels for Software Artifacts) Build Level 3 certification. The company's efforts align with increasing cybersecurity requirements from both U.S. and European regulators, including CMMC 2.0, NIST SSDF, and emerging EU frameworks like the Cyber Resilience Act and NIS2 directive.
The achievement represents a comprehensive approach to build system security, incorporating signed Software Bills of Materials (SBOMs), provenance files, and hardened, isolated build environments. AdaCore has implemented CMMC Level 2 conformance company-wide and adopted NIST 800-171 controls for protecting Federal Contract Information and Controlled Unclassified Information. The company emphasizes that these measures extend beyond regulatory compliance to establish stronger trust relationships with customers.
AdaCore's SLSA Build Level 3 certification involves rigorous verification of build processes, ensuring that software artifacts are produced in isolated, tamper-resistant environments with full traceability. This includes cryptographically signed attestations that provide customers with verifiable evidence of build integrity and origin. The initiative covers AdaCore's suite of products including GNAT Pro compilation toolchains, SPARK Pro formal verification tools, and static analysis solutions for Ada, C/C++, and Rust programming languages.
- The security initiative positions AdaCore to meet both current regulatory requirements (NIST SSDF, CMMC) and emerging EU frameworks including the Cyber Resilience Act and NIS2 directive



