SLSA - Supply-chain Levels For Software Artifacts

SLSA – Supply-chain Levels For Software Artifacts

SLSA (pronounced “salsa”) is security framework from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain integrity.

The best way to read about SLSA is to visit slsa.dev.

What’s in this repo?

The primary content of this repo is the docs/ directory, which contains the core SLSA specification and sources to the slsa.dev website.

You can read SLSA’s documentation here:

Project status

SLSA is currently in alpha. The framework is constantly being improved. We encourage the community to try adopting SLSA levels incrementally and to share your experiences back to us.

Contributors

Get involved

We rely on feedback from other organisations to evolve SLSA and be more useful to more people. We’d love to hear your experiences using it.

Are the levels achievable in your project? Would you add or remove anything from the framework? What else is needed before you can adopt it?

Joining the working group

Leave a Reply

Your email address will not be published. Required fields are marked *

Special Offer for Hackers!Sign up to get your $5 Coupon code, weekly deals and latest hacking tools straight to your inbox!
X