Supply-chain Levels for Software Artifacts (SLSA, pronounced 'salsa') is a security framework providing a graded checklist of controls to prevent tampering and improve the integrity of software packages and build pipelines. It establishes a common taxonomy for supply chain threats, mapping specific mitigations to increasing levels of assurance, from basic source code management to hermetic, reproducible builds with non-falsifiable provenance.
Glossary
Supply-chain Levels for Software Artifacts (SLSA)

What is Supply-chain Levels for Software Artifacts (SLSA)?
An end-to-end framework for ensuring the integrity of software artifacts throughout the supply chain, protecting against source, build, and dependency tampering.
SLSA defines four ascending levels of maturity. Level 1 requires a scripted build process. Level 2 mandates version control and a hosted build service generating authenticated provenance. Level 3 enforces isolated, hermetic builds with auditable source and dependency controls. The highest, Level 4, demands two-person review of all changes and a fully reproducible, encrypted build process, ensuring bit-for-bit artifact integrity.
Core Components of SLSA
The Supply-chain Levels for Software Artifacts (SLSA) framework is structured around a set of core components that work together to provide end-to-end integrity guarantees. These components form a verifiable chain of custody from source code to deployed artifact.
Source Integrity
The foundational requirement that source code is protected from unauthorized modification. This involves strong authentication for code commits, branch protection rules requiring peer review, and cryptographic signing of tags and commits. The source repository must maintain an immutable history, ensuring every change is attributed to a verified identity. This prevents malicious actors from injecting vulnerabilities directly into the codebase without detection.
Build Integrity
The requirement that the build process itself is hardened against tampering. This mandates hermetic builds executed in isolated, ephemeral environments with no network access. The build pipeline must generate a cryptographically signed provenance attestation that records all inputs (source hash, dependencies, build commands) and outputs (artifact hashes). This creates a non-repudiable statement that can be independently verified.
Provenance Verification
The process of cryptographically validating the attestation that accompanies every artifact. A provenance document, typically generated in in-toto format, is checked against a trusted policy engine like Open Policy Agent (OPA). Verification confirms that the artifact was produced by a trusted builder, from a specific source repository, using an expected build recipe. This step closes the loop between source and artifact.
Common Requirements
A set of cross-cutting controls that apply across all SLSA levels. These include:
- Scripted Builds: All build steps defined as code, not manual actions.
- Ephemeral Environments: Builds run in fresh, disposable containers.
- Isolation: No build can influence another concurrently. These requirements ensure consistency and prevent contamination between builds, forming the baseline hygiene for any SLSA-compliant pipeline.
Dependency Management
The practice of explicitly declaring, pinning, and verifying all third-party dependencies. SLSA requires dependency pinning to exact cryptographic hashes, preventing dependency confusion attacks where malicious packages are substituted. All dependencies must be resolved from a trusted, private artifact registry that performs vulnerability scanning. This ensures the transitive dependency graph is fully known and verified.
Frequently Asked Questions
Clear, technical answers to the most common questions about the Supply-chain Levels for Software Artifacts framework, its implementation, and its role in modern DevSecOps.
Supply-chain Levels for Software Artifacts (SLSA, pronounced "salsa") is a security framework that provides a graduated checklist of controls to prevent tampering and improve the integrity of software artifacts throughout the supply chain. It works by defining four ascending levels of security rigor, from Level 1 (basic build script transparency) to Level 4 (hermetic, reproducible builds with two-person review). Each level introduces specific requirements around the source, build, and provenance of an artifact. The framework operates on the principle that consumers should be able to verify that an artifact was built from trusted source code, on a trusted build platform, without unauthorized modifications. SLSA does not prescribe specific tools but instead defines the attestations and policies that must be in place, making it compatible with tools like Sigstore, in-toto, and Tekton Chains.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
SLSA vs. Related Supply Chain Standards
A comparison of the Supply-chain Levels for Software Artifacts framework against other key specifications and tools in the software supply chain security ecosystem.
| Feature | SLSA | Sigstore | In-toto | TUF |
|---|---|---|---|---|
Primary Focus | End-to-end supply chain integrity levels | Keyless artifact signing and verification | Cryptographic attestation of supply chain steps | Securing software update systems |
Artifact Integrity | ||||
Provenance Generation | ||||
Build Platform Hardening | ||||
Dependency Verification | ||||
Keyless Signing via OIDC | ||||
Role-Based Trust Model | ||||
Maturity Levels (1-4) |
Related Terms
SLSA is implemented through a constellation of complementary tools and standards. These related concepts form the operational backbone of a verifiable software supply chain.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us