Inferensys

Glossary

Supply-chain Levels for Software Artifacts (SLSA)

An end-to-end framework for ensuring the integrity of software artifacts throughout the supply chain, protecting against source, build, and dependency tampering.
Supply chain manager using AI negotiator on laptop, supplier data visible, casual office afternoon setup.
FRAMEWORK

What is Supply-chain Levels for Software Artifacts (SLSA)?

An end-to-end framework for ensuring the integrity of software artifacts throughout the supply chain, protecting against source, build, and dependency tampering.

Supply-chain Levels for Software Artifacts (SLSA, pronounced 'salsa') is a security framework providing a graded checklist of controls to prevent tampering and improve the integrity of software packages and build pipelines. It establishes a common taxonomy for supply chain threats, mapping specific mitigations to increasing levels of assurance, from basic source code management to hermetic, reproducible builds with non-falsifiable provenance.

SLSA defines four ascending levels of maturity. Level 1 requires a scripted build process. Level 2 mandates version control and a hosted build service generating authenticated provenance. Level 3 enforces isolated, hermetic builds with auditable source and dependency controls. The highest, Level 4, demands two-person review of all changes and a fully reproducible, encrypted build process, ensuring bit-for-bit artifact integrity.

SUPPLY-CHAIN INTEGRITY FRAMEWORK

Core Components of SLSA

The Supply-chain Levels for Software Artifacts (SLSA) framework is structured around a set of core components that work together to provide end-to-end integrity guarantees. These components form a verifiable chain of custody from source code to deployed artifact.

01

Source Integrity

The foundational requirement that source code is protected from unauthorized modification. This involves strong authentication for code commits, branch protection rules requiring peer review, and cryptographic signing of tags and commits. The source repository must maintain an immutable history, ensuring every change is attributed to a verified identity. This prevents malicious actors from injecting vulnerabilities directly into the codebase without detection.

Level 1-3
Source Requirements
02

Build Integrity

The requirement that the build process itself is hardened against tampering. This mandates hermetic builds executed in isolated, ephemeral environments with no network access. The build pipeline must generate a cryptographically signed provenance attestation that records all inputs (source hash, dependencies, build commands) and outputs (artifact hashes). This creates a non-repudiable statement that can be independently verified.

SLSA Level 3
Minimum for Hermeticity
03

Provenance Verification

The process of cryptographically validating the attestation that accompanies every artifact. A provenance document, typically generated in in-toto format, is checked against a trusted policy engine like Open Policy Agent (OPA). Verification confirms that the artifact was produced by a trusted builder, from a specific source repository, using an expected build recipe. This step closes the loop between source and artifact.

in-toto
Attestation Standard
04

Common Requirements

A set of cross-cutting controls that apply across all SLSA levels. These include:

  • Scripted Builds: All build steps defined as code, not manual actions.
  • Ephemeral Environments: Builds run in fresh, disposable containers.
  • Isolation: No build can influence another concurrently. These requirements ensure consistency and prevent contamination between builds, forming the baseline hygiene for any SLSA-compliant pipeline.
4 Tracks
SLSA v1.0 Structure
05

Dependency Management

The practice of explicitly declaring, pinning, and verifying all third-party dependencies. SLSA requires dependency pinning to exact cryptographic hashes, preventing dependency confusion attacks where malicious packages are substituted. All dependencies must be resolved from a trusted, private artifact registry that performs vulnerability scanning. This ensures the transitive dependency graph is fully known and verified.

Dependency Track
SLSA v1.0
SLSA FRAMEWORK

Frequently Asked Questions

Clear, technical answers to the most common questions about the Supply-chain Levels for Software Artifacts framework, its implementation, and its role in modern DevSecOps.

Supply-chain Levels for Software Artifacts (SLSA, pronounced "salsa") is a security framework that provides a graduated checklist of controls to prevent tampering and improve the integrity of software artifacts throughout the supply chain. It works by defining four ascending levels of security rigor, from Level 1 (basic build script transparency) to Level 4 (hermetic, reproducible builds with two-person review). Each level introduces specific requirements around the source, build, and provenance of an artifact. The framework operates on the principle that consumers should be able to verify that an artifact was built from trusted source code, on a trusted build platform, without unauthorized modifications. SLSA does not prescribe specific tools but instead defines the attestations and policies that must be in place, making it compatible with tools like Sigstore, in-toto, and Tekton Chains.

FRAMEWORK COMPARISON

SLSA vs. Related Supply Chain Standards

A comparison of the Supply-chain Levels for Software Artifacts framework against other key specifications and tools in the software supply chain security ecosystem.

FeatureSLSASigstoreIn-totoTUF

Primary Focus

End-to-end supply chain integrity levels

Keyless artifact signing and verification

Cryptographic attestation of supply chain steps

Securing software update systems

Artifact Integrity

Provenance Generation

Build Platform Hardening

Dependency Verification

Keyless Signing via OIDC

Role-Based Trust Model

Maturity Levels (1-4)

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.