SLSA specification
SLSA is a specification for describing and incrementally improving supply chain security, established by industry consensus. It is organized into a series of levels that describe increasing security guarantees.
This is the Working Draft of what the next version of the SLSA specification might be. It defines several SLSA levels and tracks, as well as recommended attestation formats, including provenance.
Understanding SLSA
This section provides an overview of SLSA, how it helps protect against common supply chain attacks, and common use cases. If you’re new to SLSA or supply chain security, start here.
| Page | Description |
|---|---|
| What’s new | The changes brought by this Working Draft. |
| About SLSA | An introductory guide to SLSA |
| Supply chain threats | An introduction to supply chain threats |
| Use cases | Use cases |
| Guiding principles | Use cases |
| FAQ | Questions and more information |
| Future directions | Additions and changes being considered for future SLSA versions |
Core specification
This section describes SLSA’s security levels and requirements for each track. If you want to achieve a particular SLSA level, these are the requirements you’ll need to meet.
| Page | Description |
|---|---|
| Terminology | Terminology and model used by SLSA |
| Security levels and tracks | Overview of SLSA’s tracks and levels, intended for all audiences |
| Threats & mitigations | Detailed information about specific supply chain attacks and how SLSA helps |
Attestation formats
This section includes the concrete schemas for SLSA attestations. The Provenance and VSA formats are recommended, but not required by the specification.
| Page | Description |
|---|---|
| General model | General attestation mode |
| Provenance | Suggested provenance format and explanation |
| Verification Summary | Suggested VSA format and explanation |