SLSA uses provenance to indicate whether an artifact is authentic or not, but provenance doesn’t do anything unless somebody inspects it. SLSA calls that inspection verification, and this page describes how to verify artifacts and their SLSA provenance. The intended audience is platform implementers, security engineers, and software consumers.
This page covers the detailed technical requirements for producing artifacts at each SLSA level. The intended audience is platform implementers and security engineers.
Before diving into the SLSA specification levels, we need to establish a core set of terminology and models to describe what we’re protecting.
An introduction to the guiding principles behind SLSA’s design decisions.
Description of SLSA provenance specification for verifying where, when, and how something was produced.
A comprehensive technical analysis of supply chain threats and their corresponding mitigations in SLSA.