How to Reach SLSA Levels

It's now easier than ever with with Scribe’s valint slsa. Fill in the form and get the use case now

SLSA (Supply-chain Levels for Software Artifacts) is a security framework aiming to prevent tampering, improve integrity, and secure packages and infrastructure.

The core concept of SLSA is that a software artifact can be trusted only if it complies with three requirements:

  1. The artifact should have a Provenance document describing its origin and building process (L1).
  2. The Provenance document should be trustworthy and verified downstream (L2).
  3. The build system should be trustworthy (L3).

 

The SLSA framework defines levels, which represent how secure the software supply chain is. These levels correspond to the level of implementation of these requirements (noted as L1-L3 above).

 

Meeting SLSA requirements is.. Well.. complex. It involves a nuanced understanding of CI-platform dependencies, defies full automation, and demands a meticulous security analysis of build systems and pipelines. 

 

If SLSA L3 is the path forward for your organization, it’s time to roll up your sleeves. 

Scribe’s valint slsacommand can be used to produce Provenance documents. Following, we describe how to achieve SLSA levels by using this tool.

 

Get this use case,  which provides our recommended checklist to guide you through the process

All Resources

Last Resources

Watch the recording of our Balck Hat 2024 panel, “From Trust to Evidence-Based Continuous Assurance: The Future of Security Governance and Compliance”. It sparked great…
Navigating the requirements of CISA’s Secure Software Development-Attestation Form can be challenging, especially with impending deadlines (June 11th & September 11th). Watch this insightful webinar…