Guidelines for assessing build platform security. | SLSA
Before diving into the SLSA specification levels, we need to establish a core set of terminology and models to describe what we're protecting.
An introduction to the guiding principles behind SLSA's design decisions.
The initial draft version (v0.1) of SLSA had a larger scope, including protections against tampering with source code and a higher level of build integrity (Build L4). This page collects some early thoughts on how SLSA might evolve in future versions to re-introduce these notions and add further aspects of automatable supply chain security.
A software attestation is an authenticated statement (metadata) about a software artifact or collection of software artifacts. The primary intended use case is to feed into automated policy engines, such as in-toto and Binary Authorization. This page provides a high-level overview of the attestation model, including standardized terminology, data model, layers, and conventions for software attestations.
Description of the SLSA provenance specification for verifying where, when, and how something was produced.
A comprehensive technical analysis of supply chain threats and their corresponding mitigations in SLSA.
SLSA is organized into a series of levels that provide increasing supply chain security guarantees. This gives you confidence that software hasn't been tampered with and can be securely traced back to its source. This page is a descriptive overview of the SLSA levels and tracks, describing their intent.
Technical requirements to reach each level.