Supply chain levels for Software Artifacts (SLSA) is a framework that covers source code to service. With this framework you can measure the levels of software security.