Inferensys

Glossary

SLSA Framework

The SLSA Framework (Supply-chain Levels for Software Artifacts) is a security framework providing a checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in software supply chains.
Supply chain manager using AI negotiator on laptop, supplier data visible, casual office afternoon setup.
SUPPLY CHAIN INTEGRITY

What is the SLSA Framework?

A graduated security framework that establishes a common language and set of controls to ensure the integrity of software artifacts throughout the development and deployment lifecycle.

The SLSA Framework (Supply-chain Levels for Software Artifacts) is a systematic, check-list-based security specification that defines increasing levels of tamper resistance for software build and distribution pipelines. It provides a common taxonomy for organizations to measure and communicate the trustworthiness of their software supply chain, moving from basic source code management to hermetic, fully attested builds that prevent unauthorized modification.

SLSA defines four ascending levels of security maturity, from Level 1 (requiring a build script and provenance generation) to Level 4 (mandating a two-person review of all changes and a hermetic, fully isolated build process). The framework relies heavily on cryptographic attestations, such as in-toto metadata, to create a non-repudiable, verifiable record linking a final software package back to its source code, build instructions, and ephemeral environment.

SUPPLY CHAIN INTEGRITY

Core Components of the SLSA Framework

The Supply-chain Levels for Software Artifacts (SLSA, pronounced 'salsa') framework is a graduated set of security controls designed to prevent tampering and improve the integrity of software packages and infrastructure. It provides a common taxonomy for how to think about software supply chain security.

01

Build L3: Hardened Build Platform

The current highest fully-achievable level for most organizations. SLSA Build L3 requires that the build process runs on a hardened, isolated platform with strong tenant isolation. This prevents one build from influencing another. Key requirements include:

  • Ephemeral and isolated build environments
  • No network access to prevent exfiltration of secrets
  • Hermetic builds that are fully defined and reproducible
  • Output is a cryptographically signed in-toto attestation binding the artifact to its provenance
L3
Target Maturity Level
02

Provenance Generation

The core artifact of any SLSA-compliant pipeline is the non-falsifiable provenance. This metadata record describes how an artifact was produced, including the build recipe, source materials, and build environment. Provenance must be:

  • Cryptographically signed by the build platform's private key
  • Verifiable by any consumer using the platform's public key
  • Generated as an in-toto attestation conforming to the SLSA v1.0 provenance schema This allows policy engines to answer the question: 'Should I trust this artifact?'
03

Source Integrity (Level 2)

Before securing the build, you must secure the source. SLSA Source Level 2 requires:

  • Version-controlled history with a strong, auditable retention policy
  • Verified commit authorship using cryptographic signing (e.g., SSH or GPG keys)
  • Branch protection rules preventing direct pushes to main
  • Two-person review mandatory for all changes This establishes a chain of custody from the developer's intent to the source code ingested by the build system.
04

The SLSA Policy Engine

SLSA is not just a checklist; it's an automated enforcement mechanism. A policy engine consumes signed attestations and evaluates them against organizational policy. For example, a policy might state: 'Only allow deployment of container images built from the main branch on the trusted CI platform.' The engine cryptographically verifies the attestation's signature and checks the predicate fields. This decouples policy evaluation from the build process itself, enabling consistent, automated enforcement across heterogeneous environments.

05

Dependencies & Verification Summary

SLSA Level 4 represents the ideal state of hermeticity and reproducibility. A build is hermetic if all transitive dependencies are declared and controlled. A build is reproducible if two independent builds from the same source produce a bit-for-bit identical output. While difficult to achieve universally, these properties enable:

  • Verification summary attestations (VSA) that confirm an artifact meets a specific SLSA level
  • Binary authorization where only verified artifacts pass through the deployment gate
  • Defense against advanced supply chain attacks like the SolarWinds incident
SUPPLY-CHAIN INTEGRITY

SLSA Levels: A Comparative Overview

A comparison of the increasing security rigor and tamper-resistance guarantees across the four Supply-chain Levels for Software Artifacts (SLSA) Build track.

FeatureSLSA Level 1SLSA Level 2SLSA Level 3SLSA Level 4

Primary Objective

Build transparency via provenance

Tamper resistance via hosted build service

Tamper prevention via hardened build platform

Hermetic, auditable, and reproducible builds

Provenance Generation

Provenance Authenticated

Provenance Non-Falsifiable

Build Script Source Known

Build Runs on Dedicated Infrastructure

Defense Against Cross-Build Contamination

Isolated, Ephemeral Build Environment

Hermetic Build (No Network Access)

Reproducible Build Required

Two-Person Review of Source Changes

Typical Verification Method

Manual inspection of provenance

Automated policy check on signed provenance

Automated policy check on non-falsifiable attestation

Automated policy check with hermeticity verification

SLSA FRAMEWORK

Frequently Asked Questions

Clear, technically precise answers to the most common questions about the Supply-chain Levels for Software Artifacts framework, its implementation, and its role in securing the software development lifecycle.

The SLSA framework (Supply-chain Levels for Software Artifacts, pronounced "salsa") is a security framework that provides a graduated checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in software supply chains. It works by defining four ascending levels of security maturity—from Level 1 (basic build provenance) to Level 4 (hermetic, reproducible, two-person reviewed builds)—that an organization can adopt incrementally. Each level introduces stricter requirements around source code management, build process isolation, provenance generation, and artifact verification. The framework is designed to be actionable and measurable, giving security architects a concrete roadmap to mitigate threats like source code injection, compromised build platforms, and dependency confusion attacks. SLSA is inspired by Google's internal Binary Authorization for Borg system and is now maintained as an open standard under the OpenSSF (Open Source Security Foundation).

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.