SLSA: Security framework to ensure software supply chain integrity | SLSA
The initial draft version (v0.1) of SLSA had a larger scope, including protections against tampering with source code and a higher level of build integrity (Build L4). This page collects some early thoughts on how SLSA might evolve in future versions to re-introduce these notions and add other aspects of automatable supply chain security. | SLSA
Description of SLSA provenance specification for verifying where, when, and how something was produced. | SLSA
Web3 has a weakness, and that is CI/CD security. Learn how I responsibly disclosed a Critical vulnerability in Astar Network’s GitHub repository that would have allowed attackers to conduct a… | Adnan Khan's Blog
Ladder of increasing security guarantees. | SLSA
Specific supply chain attacks and how SLSA helps. | SLSA
Today, we are excited to announce the important milestone of a release candidate (RC) SLSA Specification. This is the first major update to SLSA since its v0.1 release in June 2021, and the RC finalizes multiple revisions to the SLSA specifications and requirements. We’re grateful for the huge community engagement that went into shaping this work. | SLSA