What is SLSA?
A security framework for ensuring software supply chain integrity through build levels.
SLSA (Supply-chain Levels for Software Artifacts, pronounced 'salsa') is a security framework for preventing tampering of software artifacts. It defines four levels of increasing assurance, based on how builds are produced and provenance is recorded. SLSA 1: build process is documented. SLSA 2: uses a build service with provenance. SLSA 3: provenance is unforgeable. SLSA 4: hermetic, reproducible builds. It addresses attacks like SolarWinds where build pipelines were compromised.
Deep Dive Guide
software supply chain security sbom slsa guide
Related Terms
More Security Terms
DevSecOps
Integrating security practices into every stage of the DevOps pipeline.
Falco
A runtime security tool that detects anomalous behavior in containers using eBPF/syscalls.
JWT (JSON Web Token)
A compact, self-contained token format for transmitting claims between parties.
mTLS (Mutual TLS)
Two-way TLS authentication where both client and server verify each other's certificates.
OAuth2
An authorization framework allowing third-party apps limited access to user accounts.
OIDC (OpenID Connect)
An identity layer on top of OAuth2 that provides user authentication.
Test your knowledge of SLSA and 130 other DevOps concepts