security

SLSA

Supply Chain Levels for Software Artifacts

Definition

SLSA is a security framework that defines four progressive levels of supply chain integrity, from basic build provenance (Level 1) to hermetic, reproducible builds with verified provenance (Level 4). Achieving a given SLSA level provides assurance that artifacts were not tampered with between source code and deployment.

SLSA provenance attestations are machine-verifiable and can be enforced in deployment pipelines.

Related Terms

Sigstore

Sigstore Code Signing

OpenSSF

Open Source Security Foundation

Supply Chain Security

Software Supply Chain Security

← Back to Glossary

Ship secure code faster

Crash Override integrates security into the developer workflow. No context switching, no waiting on reviews.

Talk to a Human See the Product