How to Reach SLSA Levels

It's now easier than ever with with Scribe’s valint slsa. Fill in the form and get the use case now

SLSA (Supply-chain Levels for Software Artifacts) is a security framework aiming to prevent tampering, improve integrity, and secure packages and infrastructure.

The core concept of SLSA is that a software artifact can be trusted only if it complies with three requirements:

  1. The artifact should have a Provenance document describing its origin and building process (L1).
  2. The Provenance document should be trustworthy and verified downstream (L2).
  3. The build system should be trustworthy (L3).

 

The SLSA framework defines levels, which represent how secure the software supply chain is. These levels correspond to the level of implementation of these requirements (noted as L1-L3 above).

 

Meeting SLSA requirements is.. Well.. complex. It involves a nuanced understanding of CI-platform dependencies, defies full automation, and demands a meticulous security analysis of build systems and pipelines. 

 

If SLSA L3 is the path forward for your organization, it’s time to roll up your sleeves. 

Scribe’s valint slsacommand can be used to produce Provenance documents. Following, we describe how to achieve SLSA levels by using this tool.

 

Get this use case,  which provides our recommended checklist to guide you through the process

All Resources

Last Resources

Watch industry experts Arun DeSouza (Hall of Fame CISO & Executive Advisory Board Member at Cyera), Ran I. (VP of Strategy and Product at Argus…
Scribe is the first solution to focus on the PS (Protect the Software) group of practices within the SSDF. Fill in the form and get the use case now
Watch this on-demand webinar featuring Fernando Enrile, a renowned Security Compliance Leader in FinTech, and Terry O’Daniel, the esteemed Head of Security at Amplitude, and…