The SLSA Framework (Supply-chain Levels for Software Artifacts) is a security specification that provides a graduated checklist of controls to prevent tampering and ensure the integrity and provenance of software throughout its build and deployment lifecycle. It establishes a common language for communicating supply chain security posture.
Glossary
SLSA Framework

What is SLSA Framework?
A graduated security framework for ensuring the integrity and provenance of software artifacts throughout the build and deployment lifecycle.
SLSA defines four ascending levels of security maturity, from basic build scripting to hermetic, reproducible builds with non-falsifiable provenance attestations. By requiring in-toto attestations and isolated build environments, the framework mitigates threats like source code injection, compromised build platforms, and dependency confusion attacks.
The Four SLSA Security Levels
Supply-chain Levels for Software Artifacts (SLSA, pronounced "salsa") is a graduated security framework that defines four ascending levels of build integrity and provenance controls. Each level provides a checklist of concrete, automatable requirements to prevent tampering and ensure the verifiable origin of software artifacts.
Level 1: Basic Provenance
The foundational tier requires that the build process generates a provenance attestation—a verifiable statement describing how the artifact was built, including source repository, build command, and entry point. This data must be made available to consumers for manual inspection. However, the build itself is not required to be hermetic or isolated, meaning the provenance is informational rather than tamper-proof. Level 1 establishes the cultural and tooling baseline for generating signed metadata without enforcing strict security controls on the build environment.
Level 2: Hosted Build Platform
This level mandates the use of a dedicated, hosted build service (e.g., GitHub Actions, Google Cloud Build) rather than a developer's local workstation. The build platform must generate and sign provenance automatically. Key requirements include:
- Source integrity: The build service must fetch source from a defined, version-controlled location.
- Signed provenance: The platform cryptographically signs the attestation, linking it to the build service's identity. This prevents a malicious insider from manually crafting a fake provenance record on their laptop, as all builds must flow through a controlled, observable channel.
Level 3: Hardened Builds
Level 3 introduces stringent controls to prevent the build process itself from being subverted. The build must run in an isolated, ephemeral, and hermetic environment with no network access to prevent exfiltration or injection of untrusted dependencies. Specific controls include:
- Non-falsifiable provenance: Consumers can cryptographically verify the provenance was generated by a trusted platform and has not been tampered with.
- Hermeticity: All build inputs, including transitive dependencies, must be declared and fetched from a trusted, immutable source before isolation begins.
- Reproducibility: While not strictly required, the build configuration must be fully captured to enable auditing and eventual reproduction. This level provides strong resistance against compromised build tools or dependency confusion attacks.
Level 4: Maximum Security
The highest assurance tier requires hermetic, fully reproducible builds and two-person review of all source code and build configurations. A Level 4 artifact can be independently rebuilt bit-for-bit from source, providing cryptographic proof that no tampering occurred during compilation. Requirements include:
- Reproducible builds: Independent rebuilds produce a byte-for-byte identical artifact.
- Two-person review: All changes to source and build recipes must be approved by a second authorized party.
- Asymmetric isolation: The build process has no network access, and the provenance signing key is stored in a hardware security module (HSM). This level defends against sophisticated supply-chain attacks where the build platform itself might be compromised by a persistent adversary.
Frequently Asked Questions
Clear, technical answers to the most common questions about Supply-chain Levels for Software Artifacts, the graduated security framework for ensuring end-to-end software integrity.
The SLSA (Supply-chain Levels for Software Artifacts) framework, pronounced "salsa," is a security standard that provides a graduated checklist of controls to prevent tampering and ensure the integrity and provenance of software throughout its build and deployment lifecycle. It works by defining four ascending levels of security maturity, from basic build scripting to hermetic, fully attested builds. Each level introduces stricter requirements for the source, build, and provenance aspects of an artifact. For example, SLSA Level 1 requires a scripted build, while Level 4 demands a hermetic build process, two-person review of all changes, and non-falsifiable provenance attestations. The framework is designed to mitigate specific threats like source code tampering, compromised build platforms, and dependency confusion attacks by making the software supply chain auditable and verifiable.
SLSA vs. Related Supply Chain Standards
A comparison of the SLSA framework with other major standards and specifications governing software supply chain integrity and artifact provenance.
| Feature | SLSA | in-toto | Sigstore | SBOM (SPDX/CycloneDX) |
|---|---|---|---|---|
Primary Focus | Graduated security levels for build & deployment integrity | Cryptographic attestation of supply chain steps | Keyless artifact signing & signature transparency | Inventory of software components & dependencies |
Build Provenance | ||||
Tamper-Proof Attestations | ||||
Transparency Log | ||||
Dependency Graph Generation | ||||
Maturity Levels | 4 levels (0-3) | |||
Keyless Signing Support | ||||
Standard Body | OpenSSF (Linux Foundation) | CNCF | OpenSSF (Linux Foundation) | Linux Foundation / OWASP |
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Core concepts that intersect with the SLSA Framework to establish end-to-end software provenance and tamper-proof build pipelines.
Merkle Tree Verification
A cryptographic data structure using a tree of hashes that allows efficient and secure verification of the integrity and membership of a specific data block within a large, immutable dataset or log. Underpins the transparency logs used in SLSA-compliant provenance systems.
- Efficiency: Verifying a single record requires only O(log n) hash comparisons, not the entire dataset
- Tamper Evidence: Any change to a leaf node cascades upward, invalidating the root hash
- Application: Powers Rekor's transparency log and Certificate Transparency for build artifact verification
Digital Signature
A cryptographic mechanism using asymmetric key pairs to validate the authenticity and integrity of a digital message or document, providing non-repudiation of the signer's identity. SLSA mandates digital signatures on provenance attestations to prevent forgery.
- Algorithm: Ed25519, ECDSA, or RSA with secure key lengths
- SLSA Requirement: Build platforms must sign provenance with a private key accessible only to the build service
- Non-Repudiation: A valid signature cryptographically proves the build platform—not an attacker—generated the attestation
Immutable Audit Trail
A chronologically ordered, write-once-read-many log of all events and transactions related to a data asset, cryptographically secured to prevent retroactive alteration. SLSA's highest assurance level (L3) requires an immutable audit trail for all build and provenance generation steps.
- Implementation: Append-only ledgers, transparency logs, or blockchain anchoring
- SLSA L3 Requirement: Build process must be fully auditable with no mutable intermediate states
- Verification: Auditors can replay the log to reconstruct exactly what happened during a build, even years later

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us