OpenSSF Announces SLSA Version 1.0 Release

<!doctype html><html><head> <meta charset="utf-8"> <meta name="description" content="The Open Source Security Foundation (OpenSSF) is proud to announce the release of version 1.0 of Supply-chain Levels for Software Artifacts (SLSA, pronounced “salsa”). SLSA is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. SLSA’s framework is organized into a series of levels that describe increasing security rigor, designed to give confidence that software hasn’t been tampered with and can be securely traced back to its source."> <title>OpenSSF Announces SLSA Version 1.0 Release</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta property="og:description" content="The Open Source Security Foundation (OpenSSF) is proud to announce the release of version 1.0 of Supply-chain Levels for Software Artifacts (SLSA, pronounced “salsa”). SLSA is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. SLSA’s framework is organized into a series of levels that describe increasing security rigor, designed to give confidence that software hasn’t been tampered with and can be securely traced back to its source."> <meta property="og:title" content="OpenSSF Announces SLSA Version 1.0 Release"> <meta name="twitter:description" content="The Open Source Security Foundation (OpenSSF) is proud to announce the release of version 1.0 of Supply-chain Levels for Software Artifacts (SLSA, pronounced “salsa”). SLSA is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. SLSA’s framework is organized into a series of levels that describe increasing security rigor, designed to give confidence that software hasn’t been tampered with and can be securely traced back to its source."> <meta name="twitter:title" content="OpenSSF Announces SLSA Version 1.0 Release"> <style> a.cta_button{-moz-box-sizing:content-box !important;-webkit-box-sizing:content-box !important;box-sizing:content-box !important;vertical-align:middle}.hs-breadcrumb-menu{list-style-type:none;margin:0px 0px 0px 0px;padding:0px 0px 0px 0px}.hs-breadcrumb-menu-item{float:left;padding:10px 0px 10px 10px}.hs-breadcrumb-menu-divider:before{content:'›';padding-left:10px}.hs-featured-image-link{border:0}.hs-featured-image{float:right;margin:0 0 20px 20px;max-width:50%}@media (max-width: 568px){.hs-featured-image{float:none;margin:0;width:100%;max-width:100%}}.hs-screen-reader-text{clip:rect(1px, 1px, 1px, 1px);height:1px;overflow:hidden;position:absolute !important;width:1px} </style> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css"> <link rel="stylesheet" href="https://www.linuxfoundation.org/hs-fs/hub/8112310/hub_generated/template_assets/77282239896/1669227111472/2022_-_BZ_Linux_Foundation_Theme/assets/vendor/magnific.min.css"> <link rel="stylesheet" href="https://www.linuxfoundation.org/hs-fs/hub/8112310/hub_generated/template_assets/85121828485/1712254049681/2022_-_BZ_Linux_Foundation_Theme/assets/css/partials/mega-header.min.css"> <link rel="stylesheet" href="https://www.linuxfoundation.org/hs-fs/hub/8112310/hub_generated/module_assets/78365212720/1663262966336/module_78365212720_Social_Share_-_Blog_Post.min.css"> <style> .section--module_165707532951021 .social-links__icon { background-color: rgba(255, 255, 255,1.0); border-radius: 0px; } .section--module_165707532951021 .social-links__icon svg { fill: #0094FF; height: 32px; width: 32px; } .section--module_165707532951021 .social-links__icon:hover, .section--module_165707532951021 .social-links__icon:focus, .section--module_165707532951021 .social-links__icon:active { background-color: rgba(0, 148, 255,1.0); } .section--module_165707532951021 .social-links__icon:hover svg, .section--module_165707532951021 .social-links__icon:focus svg, .section--module_165707532951021 .social-links__icon:active svg { fill: #ffffff; } </style> <link rel="stylesheet" href="https://www.linuxfoundation.org/hs-fs/hub/8112310/hub_generated/module_assets/77362524751/1712755318894/module_77362524751_Main_Mega_Footer.min.css"> <style> @font-face { font-family: "Roboto Slab"; font-weight: 400; font-style: normal; font-display: swap; src: url("/_hcms/googlefonts/Roboto_Slab/regular.woff2") format("woff2"), url("/_hcms/googlefonts/Roboto_Slab/regular.woff") format("woff"); } @font-face { font-family: "Roboto Slab"; font-weight: 300; font-style: normal; font-display: swap; src: url("/_hcms/googlefonts/Roboto_Slab/300.woff2") format("woff2"), url("/_hcms/googlefonts/Roboto_Slab/300.woff") format("woff"); } @font-face { font-family: "Open Sans"; font-weight: 400; font-style: normal; font-display: swap; src: url("/_hcms/googlefonts/Open_Sans/regular.woff2") format("woff2"), url("/_hcms/googlefonts/Open_Sans/regular.woff") format("woff"); } @font-face { font-family: "Open Sans"; font-weight: 700; font-style: normal; font-display: swap; src: url("/_hcms/googlefonts/Open_Sans/700.woff2") format("woff2"), url("/_hcms/googlefonts/Open_Sans/700.woff") format("woff"); } </style> <script type="application/ld+json"> { "mainEntityOfPage" : { "@type" : "WebPage", "@id" : "https://www.linuxfoundation.org/press/openssf-announces-slsa-version-1.0-release" }, "author" : { "name" : "The Linux Foundation", "url" : "https://www.linuxfoundation.org/press/author/andrewb", "@type" : "Person" }, "headline" : "OpenSSF Announces SLSA Version 1.0 Release", "datePublished" : "2023-04-19T16:00:00.000Z", "dateModified" : "2023-04-19T16:00:00.397Z", "publisher" : { "name" : "The Linux Foundation", "logo" : { "url" : "https://f.hubspotusercontent10.net/hubfs/8112310/Linux%20Logo.png", "@type" : "ImageObject" }, "@type" : "Organization" }, "@context" : "https://schema.org", "@type" : "BlogPosting", "image" : [ "https://8112310.fs1.hubspotusercontent-na1.net/hubfs/8112310/OpenSSF_SLSA_1.0_Release.png" ] } </script>  <script> var _hsp = window._hsp = window._hsp || []; window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} var useGoogleConsentModeV2 = true; var waitForUpdateMillis = 1000; var hsLoadGtm = function loadGtm() { if(window._hsGtmLoadOnce) { return; } if (useGoogleConsentModeV2) { gtag('set','developer_id.dZTQ1Zm',true); gtag('consent', 'default', { 'ad_storage': 'denied', 'analytics_storage': 'denied', 'ad_user_data': 'denied', 'ad_personalization': 'denied', 'wait_for_update': waitForUpdateMillis }); _hsp.push(['useGoogleConsentModeV2']) } (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-WWBXMJK'); window._hsGtmLoadOnce = true; }; _hsp.push(['addPrivacyConsentListener', function(consent){ if(consent.allowed || (consent.categories && consent.categories.analytics)){ hsLoadGtm(); } }]); </script>  <script src="https://cmp.osano.com/16A0DbT9yDNIaQkvZ/af2b9f1f-3ac7-4a18-a99a-e487d04f08e6/osano.js?variant=two"></script> <script type="text/javascript" src="//d2c7xlmseob604.cloudfront.net/tracker.min.js" defer></script> <script> $(document).ready( function() { SmartlingContextTracker.init({ orgId: '-BHEtmsmrUGOM8sNYfeBSQ' }); }); </script>  <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-WWBXMJK');</script>  <link rel="amphtml" href="https://www.linuxfoundation.org/press/openssf-announces-slsa-version-1.0-release?hs_amp=true"> <meta property="og:image" content="https://www.linuxfoundation.org/hubfs/OpenSSF_SLSA_1.0_Release.png"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="628"> <meta name="twitter:image" content="https://www.linuxfoundation.org/hubfs/OpenSSF_SLSA_1.0_Release.png"> <meta property="og:url" content="https://openssf.org/press-release/2023/04/19/openssf-announces-slsa-version-1-0-release/"> <meta name="twitter:card" content="summary_large_image"> <link rel="canonical" href="https://openssf.org/press-release/2023/04/19/openssf-announces-slsa-version-1-0-release/"> <meta property="og:type" content="article"> <link rel="alternate" type="application/rss+xml" href="https://www.linuxfoundation.org/press/rss.xml"> <meta name="twitter:domain" content="www.linuxfoundation.org"> <script src="//platform.linkedin.com/in.js" type="text/javascript"> lang: en_US </script> <meta http-equiv="content-language" content="en"> <link href="https://www.linuxfoundation.org/hs-fs/hub/8112310/hub_generated/template_assets/77283435922/1712081688750/2022_-_BZ_Linux_Foundation_Theme/assets/css/main.min.css" rel="stylesheet"> <meta name="generator" content="HubSpot"></head> <body class=" ">  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WWBXMJK" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>  <div id="hs_cos_wrapper_language_switcher" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-language_switcher" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><span id="hs_cos_wrapper_language_switcher_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_language_switcher" style="" data-hs-cos-general-type="widget" data-hs-cos-type="language_switcher"></span></div> <div id="hs_cos_wrapper_module_16560108726164" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"> <section id="mega-menu" class="section--module_16560108726164 section--mega-menu bg--black__slight page_header"> <div class="top__bar bg--secondary"> <div class="top__bar-wrapper section-wrapper flex-row jc--space-between"> <p class="top__bar--callout text-color--white"><span style="font-size: 16px;"><span style="color: #ffffff;">KubeCon + CloudNativeCon Europe · Apr 1-4 · London </span><a href="https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/" rel="noopener" style="text-decoration: underline;">REGISTER TODAY</a></span></p> <div class="right-items flex-row align-items--center jc--end"> <div class="menu--language"> <svg class="icon--globe" width="13" height="12" viewbox="0 0 13 12" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M6.33333 0.166748C3.11159 0.166748 0.5 2.77834 0.5 6.00008C0.5 9.22182 3.11159 11.8334 6.33333 11.8334C9.55507 11.8334 12.1667 9.22182 12.1667 6.00008C12.1667 2.77834 9.55507 0.166748 6.33333 0.166748ZM8.26892 8.57804C8.17718 8.6693 8.08098 8.76503 8.00289 8.84336C7.93256 8.91393 7.88293 9.00095 7.85776 9.09528C7.82224 9.22841 7.79355 9.36295 7.74556 9.49208L7.33653 10.5941C7.01287 10.6646 6.67792 10.7044 6.33333 10.7044V10.0604C6.37308 9.76352 6.15363 9.20747 5.80104 8.85489C5.65991 8.71376 5.58065 8.52229 5.58065 8.32259V7.56967C5.58065 7.29588 5.43317 7.0442 5.19348 6.91178C4.85548 6.72478 4.3747 6.46345 4.0454 6.29763C3.77537 6.16167 3.52557 5.98856 3.30094 5.78604L3.28212 5.7691C3.12149 5.6241 2.97886 5.46031 2.85733 5.28126C2.63669 4.95737 2.27728 4.42461 2.04372 4.07837C2.5252 3.00815 3.39291 2.14867 4.47114 1.68177L5.03589 1.96426C5.28616 2.0894 5.58065 1.90757 5.58065 1.62767V1.36188C5.76858 1.33153 5.95981 1.31225 6.15433 1.30495L6.81999 1.97061C6.967 2.11762 6.967 2.35589 6.81999 2.5029L6.70968 2.61298L6.46646 2.8562C6.39308 2.92958 6.39308 3.04884 6.46646 3.12223L6.57678 3.23254C6.65017 3.30593 6.65017 3.42518 6.57678 3.49857L6.38861 3.68674C6.35328 3.722 6.30539 3.7418 6.25548 3.74178H6.04402C5.99509 3.74178 5.94805 3.76083 5.91277 3.79518L5.67944 4.02216C5.65083 4.05001 5.63182 4.08623 5.62514 4.12559C5.61846 4.16495 5.62446 4.20541 5.64227 4.24114L6.00897 4.97478C6.07154 5.09991 5.98051 5.24716 5.84079 5.24716H5.70813C5.66273 5.24716 5.61899 5.23069 5.58488 5.20106L5.3666 5.01147C5.3172 4.96862 5.25751 4.93936 5.19338 4.92658C5.12925 4.91379 5.06289 4.91792 5.00084 4.93856L4.26767 5.18294C4.2117 5.20161 4.16302 5.23741 4.12853 5.28529C4.09404 5.33316 4.07549 5.39067 4.0755 5.44968C4.0755 5.55623 4.13572 5.65337 4.23098 5.70112L4.4916 5.83143C4.71294 5.94222 4.95709 5.99985 5.20454 5.99985C5.45198 5.99985 5.73589 6.64175 5.95722 6.75253H7.52729C7.72698 6.75253 7.91821 6.8318 8.05958 6.97293L8.38159 7.29494C8.51611 7.42952 8.59167 7.61202 8.59163 7.8023C8.59159 7.94648 8.56305 8.08924 8.50767 8.22237C8.45229 8.35549 8.37115 8.47636 8.26892 8.57804ZM10.3085 6.42935C10.1723 6.39524 10.0535 6.31174 9.97564 6.19484L9.55272 5.56046C9.49084 5.46778 9.45781 5.35884 9.45781 5.24739C9.45781 5.13595 9.49084 5.02701 9.55272 4.93432L10.0135 4.24326C10.0681 4.16164 10.1429 4.09531 10.2308 4.05156L10.5362 3.89891C10.8542 4.5321 11.0376 5.24434 11.0376 6.00008C11.0376 6.20401 11.0202 6.40371 10.9948 6.60082L10.3085 6.42935Z" fill="white" /> </svg> <select class="menu--language__list" onchange="window.open(this.options[this.selectedIndex].value, '_self');"> <option value="https://linuxfoundation.org/">English</option> <option value="https://www.linuxfoundation.jp">Japan</option> <option value="https://www.linuxfoundation.org/zh/chinese/">China</option> <option value="https://linuxfoundation.eu">Europe</option> </select> </div> <div class="top__bar-menu text-color--white"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16560108726164_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://openprofile.dev/" role="menuitem" target="_blank" rel="noopener">Sign In</a></li> </ul> </div></span> </div> <a href="#search-popup" class="search-popup-link"> <svg width="18" height="18" class="icon icon-search header-search-icon" viewbox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M12.0409 0.757324C8.07935 0.757324 4.85339 3.98328 4.85339 7.94482C4.85339 9.66589 5.45703 11.2438 6.47058 12.4819L0.743042 18.2095L1.77625 19.2427L7.50378 13.5151C8.74194 14.5287 10.3198 15.1323 12.0409 15.1323C16.0024 15.1323 19.2284 11.9064 19.2284 7.94482C19.2284 3.98328 16.0024 0.757324 12.0409 0.757324ZM12.0409 2.19482C15.2247 2.19482 17.7909 4.76099 17.7909 7.94482C17.7909 11.1287 15.2247 13.6948 12.0409 13.6948C8.85706 13.6948 6.29089 11.1287 6.29089 7.94482C6.29089 4.76099 8.85706 2.19482 12.0409 2.19482Z" fill="white" /> </svg> </a> <div id="search-popup" class="hs-search-field mfp-hide"> <h4> Search </h4> <div class="hs-search-field__bar"> <form action="/hs-search-results"> <input type="text" class="hs-search-field__input" name="term" autocomplete="off" aria-label="Search" placeholder="Search the site..."> <input type="hidden" name="type" value="SITE_PAGE"> <input type="hidden" name="type" value="LANDING_PAGE"> <input type="hidden" name="type" value="BLOG_POST"> <input type="hidden" name="type" value="LISTING_PAGE"> </form> </div> <ul class="hs-search-field__suggestions"></ul> </div> </div> </div> </div> <header id="js-top-header" class="section-wrapper"> <div class="header__row header__main"> <div class="header_branding"> <a href="/?hsLang=en"> <img src="https://www.linuxfoundation.org/hubfs/LF%20Logo%20White.svg"> </a> </div> <div class="header_content flex-row jc--space-between align-items--center pt--sm pb--sm"> <div class="header-left"> <button class="burger-button menu-toggle" onclick="myFunction(this); openSlideMenu();" type="button"> <span></span> </button> </div> <div class="header-right"> <div class="header-button"> <a class="hs-button hs-button--primary mt--none" href="https://www.linuxfoundation.org/about/join?hsLang=en"> Join </a> </div> </div> </div> </div> </header> <nav class="mega-menu__nav-menu bg--white mega__menu" role="navigation"> <div class="mega__menu-content"> <div class="row"> <div id="burger-menu"> <div class="menu-items section-wrapper flex-row jc--space-between pt--md pb--md"> <div class="menu__row-list open-menu--1"> <div class="child-menu dropdown--1" aria-expanded="false"> <p class="row-list-title letter__spacing"> <input type="checkbox" class="menu_arrow menu_arrow-invert" name="menu_arrow" id="menu_arrow"> <label for="menu_arrow dropdown--1"></label> ABOUT </p> <div class="menu-links"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16560108726164_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about" role="menuitem" target="_self">About the LF</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about/members" role="menuitem" target="_self">Corporate Members</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about/individual-supporters" role="menuitem" target="_self">Individual Supporters</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about/leadership" role="menuitem" target="_self">Leadership</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about/diversity-inclusivity" role="menuitem" target="_self">Diversity & Inclusivity</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/careers" role="menuitem" target="_self">Careers</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/brand-guidelines" role="menuitem" target="_self">Brand Guidelines</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about/contact" role="menuitem" target="_self">Contact Us</a></li> </ul> </div></span> </div> </div> </div> <div class="menu__row-list open-menu--2"> <div class="child-menu dropdown--1" aria-expanded="false"> <p class="row-list-title letter__spacing"> <input type="checkbox" class="menu_arrow menu_arrow-invert" name="menu_arrow" id="menu_arrow"> <label for="menu_arrow dropdown--1"></label> PROJECTS </p> <div class="menu-links"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16560108726164_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/projects" role="menuitem" target="_self">View All Projects</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/projects/hosting" role="menuitem" target="_self">Host Your Project</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/projects/partnerships" role="menuitem" target="_self">Partner Program</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/security" role="menuitem" target="_self">Security</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/projects/standards" role="menuitem" target="_self">Standards and Specifications</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/projects/digital-trust" role="menuitem" target="_self">Digital Trust</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/projects/sustainability" role="menuitem" target="_self">Sustainability</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/projects/management" role="menuitem" target="_self">Management & Best Practices</a></li> </ul> </div></span> </div> </div> </div> <div class="menu__row-list open-menu--3"> <div class="child-menu dropdown--1" aria-expanded="false"> <p class="row-list-title letter__spacing"> <input type="checkbox" class="menu_arrow menu_arrow-invert" name="menu_arrow" id="menu_arrow"> <label for="menu_arrow dropdown--1"></label> RESOURCES </p> <div class="menu-links"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16560108726164_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/blog" role="menuitem" target="_self">Blog</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/resources/publications" role="menuitem" target="_self">Publications</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/resources/open-source-guides" role="menuitem" target="_self">Open Source Guides</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/webinars" role="menuitem" target="_self">Webinars</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/resources/case-studies" role="menuitem" target="_self">Case Studies</a></li> </ul> </div></span> </div> </div> <div class="child-menu dropdown--2" aria-expanded="false"> <p class="row-list-title letter__spacing"> <input type="checkbox" class="menu_arrow menu_arrow-invert" name="menu_arrow" id="menu_arrow"> <label for="menu_arrow dropdown--2"></label> NEWSROOM </p> <div class="menu-links"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16560108726164_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/press" role="menuitem" target="_self">Press Releases</a></li> </ul> </div></span> </div> </div> </div> <div class="menu__row-list open-menu--4"> <div class="child-menu dropdown--1" aria-expanded="false"> <p class="row-list-title letter__spacing"> <input type="checkbox" class="menu_arrow menu_arrow-invert" name="menu_arrow" id="menu_arrow"> <label for="menu_arrow dropdown--1"></label> LF RESEARCH </p> <div class="menu-links"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16560108726164_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/research" role="menuitem" target="_self">Latest Research</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/research/leadership" role="menuitem" target="_self">Leadership & Advisory Board</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/research/surveys" role="menuitem" target="_self">Surveys</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/research/lfr-forum" role="menuitem" target="_self">Research Forum</a></li> </ul> </div></span> </div> </div> <div class="child-menu dropdown--2" aria-expanded="false"> <p class="row-list-title letter__spacing"> <input type="checkbox" class="menu_arrow menu_arrow-invert" name="menu_arrow" id="menu_arrow"> <label for="menu_arrow dropdown--2"></label> LF EDUCATION </p> <div class="menu-links"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16560108726164_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://training.linuxfoundation.org" role="menuitem" target="_blank" rel="noopener">Home</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://training.linuxfoundation.org/full-catalog/" role="menuitem" target="_blank" rel="noopener">Course Catalog</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://training.linuxfoundation.org/resources/" role="menuitem" target="_self">Resources</a></li> </ul> </div></span> </div> </div> </div> <div class="menu__row-list open-menu--5"> <div class="child-menu dropdown--1" aria-expanded="false"> <p class="row-list-title letter__spacing"> <input type="checkbox" class="menu_arrow menu_arrow-invert" name="menu_arrow" id="menu_arrow"> <label for="menu_arrow dropdown--1"></label> EVENTS </p> <div class="menu-links"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16560108726164_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://events.linuxfoundation.org/" role="menuitem" target="_self">Upcoming Events</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://events.linuxfoundation.org/about/sponsor/" role="menuitem" target="_self">Sponsor</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://linuxfoundation.smapply.io/" role="menuitem" target="_self">Submit a Talk</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://events.linuxfoundation.org/about/code-of-conduct/" role="menuitem" target="_self">Code of conduct</a></li> </ul> </div></span> </div> </div> </div> <div class="menu__row-list open-menu--6"> <div class="child-menu dropdown--1" aria-expanded="false"> <p class="row-list-title letter__spacing"> <input type="checkbox" class="menu_arrow menu_arrow-invert" name="menu_arrow" id="menu_arrow"> <label for="menu_arrow dropdown--1"></label> LFX PLATFORM </p> <div class="menu-links"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16560108726164_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://lfx.linuxfoundation.org/" role="menuitem" target="_self">LFX Home</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://myprofile.lfx.linuxfoundation.org/" role="menuitem" target="_self">LFX Tools</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://community.lfx.dev/" role="menuitem" target="_self">LFX Community Forum</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://openprofile.dev/" role="menuitem" target="_self">Create an LFX Account</a></li> </ul> </div></span> </div> </div> </div> </div> <div class="mega__menu-footer"> <div class="footer_content section-wrapper flex-row jc--space-between align-items--center pt--xs pb--xs"> <div class="footer-left col6 flex-row align-items--center"> <div class="header-button__wrapper mobile-only"> <div class="header-button"> <a class="hs-button hs-button--primary mt--none" href="https://www.linuxfoundation.org/about/join?hsLang=en"> Join </a> </div> </div> <p class="footer-social-title letter__spacing">Follow Us</p> <div class="footer-social-icons"> <a href="https://twitter.com/linuxfoundation" target="_blank" rel="noopener"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_icon" style="" data-hs-cos-general-type="widget" data-hs-cos-type="icon"><svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 512 512" aria-hidden="true"><g id="Twitter1_layer"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z" /></g></svg></span> </a> <a href="https://www.facebook.com/TheLinuxFoundation" target="_blank" rel="noopener"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_icon" style="" data-hs-cos-general-type="widget" data-hs-cos-type="icon"><svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 320 512" aria-hidden="true"><g id="Facebook F2_layer"><path d="M279.14 288l14.22-92.66h-88.91v-60.13c0-25.35 12.42-50.06 52.24-50.06h40.42V6.26S260.43 0 225.36 0c-73.22 0-121.08 44.38-121.08 124.72v70.62H22.89V288h81.39v224h100.17V288z" /></g></svg></span> </a> <a href="https://www.youtube.com/user/TheLinuxFoundation" target="_blank" rel="noopener"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_icon" style="" data-hs-cos-general-type="widget" data-hs-cos-type="icon"><svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 576 512" aria-hidden="true"><g id="YouTube3_layer"><path d="M549.655 124.083c-6.281-23.65-24.787-42.276-48.284-48.597C458.781 64 288 64 288 64S117.22 64 74.629 75.486c-23.497 6.322-42.003 24.947-48.284 48.597-11.412 42.867-11.412 132.305-11.412 132.305s0 89.438 11.412 132.305c6.281 23.65 24.787 41.5 48.284 47.821C117.22 448 288 448 288 448s170.78 0 213.371-11.486c23.497-6.321 42.003-24.171 48.284-47.821 11.412-42.867 11.412-132.305 11.412-132.305s0-89.438-11.412-132.305zm-317.51 213.508V175.185l142.739 81.205-142.739 81.201z" /></g></svg></span> </a> <a href="https://www.linkedin.com/company/208777" target="_blank" rel="noopener"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_icon" style="" data-hs-cos-general-type="widget" data-hs-cos-type="icon"><svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 448 512" aria-hidden="true"><g id="LinkedIn In4_layer"><path d="M100.28 448H7.4V148.9h92.88zM53.79 108.1C24.09 108.1 0 83.5 0 53.8a53.79 53.79 0 0 1 107.58 0c0 29.7-24.1 54.3-53.79 54.3zM447.9 448h-92.68V302.4c0-34.7-.7-79.2-48.29-79.2-48.29 0-55.69 37.7-55.69 76.7V448h-92.78V148.9h89.08v40.8h1.3c12.4-23.5 42.69-48.3 87.88-48.3 94 0 111.28 61.9 111.28 142.3V448z" /></g></svg></span> </a> <a href="https://github.com/LF-Engineering" target="_blank" rel="noopener"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_icon" style="" data-hs-cos-general-type="widget" data-hs-cos-type="icon"><svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 496 512" aria-hidden="true"><g id="GitHub5_layer"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z" /></g></svg></span> </a> </div> </div> <div class="footer-right col6 align-items--center"> <span id="hs_cos_wrapper_module_16560108726164_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16560108726164_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://openprofile.dev/" role="menuitem" target="_self">My Account</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://openprofile.dev/" role="menuitem" target="_self">Log In</a></li> </ul> </div></span> <div class="menu--language mobile-only"> <svg class="icon--globe" width="18" height="18" viewbox="0 0 13 12" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M6.33333 0.166748C3.11159 0.166748 0.5 2.77834 0.5 6.00008C0.5 9.22182 3.11159 11.8334 6.33333 11.8334C9.55507 11.8334 12.1667 9.22182 12.1667 6.00008C12.1667 2.77834 9.55507 0.166748 6.33333 0.166748ZM8.26892 8.57804C8.17718 8.6693 8.08098 8.76503 8.00289 8.84336C7.93256 8.91393 7.88293 9.00095 7.85776 9.09528C7.82224 9.22841 7.79355 9.36295 7.74556 9.49208L7.33653 10.5941C7.01287 10.6646 6.67792 10.7044 6.33333 10.7044V10.0604C6.37308 9.76352 6.15363 9.20747 5.80104 8.85489C5.65991 8.71376 5.58065 8.52229 5.58065 8.32259V7.56967C5.58065 7.29588 5.43317 7.0442 5.19348 6.91178C4.85548 6.72478 4.3747 6.46345 4.0454 6.29763C3.77537 6.16167 3.52557 5.98856 3.30094 5.78604L3.28212 5.7691C3.12149 5.6241 2.97886 5.46031 2.85733 5.28126C2.63669 4.95737 2.27728 4.42461 2.04372 4.07837C2.5252 3.00815 3.39291 2.14867 4.47114 1.68177L5.03589 1.96426C5.28616 2.0894 5.58065 1.90757 5.58065 1.62767V1.36188C5.76858 1.33153 5.95981 1.31225 6.15433 1.30495L6.81999 1.97061C6.967 2.11762 6.967 2.35589 6.81999 2.5029L6.70968 2.61298L6.46646 2.8562C6.39308 2.92958 6.39308 3.04884 6.46646 3.12223L6.57678 3.23254C6.65017 3.30593 6.65017 3.42518 6.57678 3.49857L6.38861 3.68674C6.35328 3.722 6.30539 3.7418 6.25548 3.74178H6.04402C5.99509 3.74178 5.94805 3.76083 5.91277 3.79518L5.67944 4.02216C5.65083 4.05001 5.63182 4.08623 5.62514 4.12559C5.61846 4.16495 5.62446 4.20541 5.64227 4.24114L6.00897 4.97478C6.07154 5.09991 5.98051 5.24716 5.84079 5.24716H5.70813C5.66273 5.24716 5.61899 5.23069 5.58488 5.20106L5.3666 5.01147C5.3172 4.96862 5.25751 4.93936 5.19338 4.92658C5.12925 4.91379 5.06289 4.91792 5.00084 4.93856L4.26767 5.18294C4.2117 5.20161 4.16302 5.23741 4.12853 5.28529C4.09404 5.33316 4.07549 5.39067 4.0755 5.44968C4.0755 5.55623 4.13572 5.65337 4.23098 5.70112L4.4916 5.83143C4.71294 5.94222 4.95709 5.99985 5.20454 5.99985C5.45198 5.99985 5.73589 6.64175 5.95722 6.75253H7.52729C7.72698 6.75253 7.91821 6.8318 8.05958 6.97293L8.38159 7.29494C8.51611 7.42952 8.59167 7.61202 8.59163 7.8023C8.59159 7.94648 8.56305 8.08924 8.50767 8.22237C8.45229 8.35549 8.37115 8.47636 8.26892 8.57804ZM10.3085 6.42935C10.1723 6.39524 10.0535 6.31174 9.97564 6.19484L9.55272 5.56046C9.49084 5.46778 9.45781 5.35884 9.45781 5.24739C9.45781 5.13595 9.49084 5.02701 9.55272 4.93432L10.0135 4.24326C10.0681 4.16164 10.1429 4.09531 10.2308 4.05156L10.5362 3.89891C10.8542 4.5321 11.0376 5.24434 11.0376 6.00008C11.0376 6.20401 11.0202 6.40371 10.9948 6.60082L10.3085 6.42935Z" fill="black" /> </svg> <a href="https://linuxfoundation.org/" target="_blank">English</a> |  <a href="https://www.linuxfoundation.jp" target="_blank">Japan</a> |  <a href="https://www.linuxfoundation.org/zh/chinese/?hsLang=en" target="_blank">China</a> |  <a href="https://linuxfoundation.eu?hsLang=en" target="_blank">Europe</a> </div> </div> </div> </div> </div> </div> </div> </nav> </section></div> <main id="main"> <main id="main-content" class="body-container-wrapper"> <div class="body-container body-container--blog-post"> <div class="section-wrapper flex-row jc--space-around pt--md pb--md"> <div class="blog-item__header mb--md mt--md"> 7 MIN READ <h1 class="blog-post__title"><span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text">OpenSSF Announces SLSA Version 1.0 Release</span></h1> <h6 class="post-author__info">The Linux Foundation | 19 April 2023 </h6> </div> <div id="sticky-anchor"> <div id="sticky" class="col2 sidebar-left mt--xs"> <div class="blog-single__share"> <div id="hs_cos_wrapper_module_165707532951021" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"> <section id="" class="section-wrapper section--module_165707532951021 section--social-icons "> <div class="social-icons__wrapper"> <div class="social-icons__container flex-row jc--"> <div class="social-links flex-column"> <a href="mailto:?subject=OpenSSF%20Announces%20SLSA%20Version%201.0%20Release&body=https%3A%2F%2Fwww.linuxfoundation.org%2Fpress%2Fopenssf-announces-slsa-version-1.0-release" title="Share via Email" class="social-links__link"> <div class="icon social-icons__email"> <svg xmlns="http://www.w3.org/2000/svg" viewbox="0 0 512 512"><path d="M464 64C490.5 64 512 85.49 512 112C512 127.1 504.9 141.3 492.8 150.4L275.2 313.6C263.8 322.1 248.2 322.1 236.8 313.6L19.2 150.4C7.113 141.3 0 127.1 0 112C0 85.49 21.49 64 48 64H464zM217.6 339.2C240.4 356.3 271.6 356.3 294.4 339.2L512 176V384C512 419.3 483.3 448 448 448H64C28.65 448 0 419.3 0 384V176L217.6 339.2z" /></svg> </div> </a> <a href="https://twitter.com/home?status=https%3A%2F%2Fwww.linuxfoundation.org%2Fpress%2Fopenssf-announces-slsa-version-1.0-release" title="Share via Twitter" target="_blank" class="social-links__link"> <div class="icon social-icons__twitter"> <svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 512 512" height="25" width="25" aria-labelledby="twitter3" role="img"><title id="twitter3">Follow us on Twitter</title><g id="twitter3_layer"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"></path></g></svg> </div> </a> <a href="https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.linuxfoundation.org%2Fpress%2Fopenssf-announces-slsa-version-1.0-release" title="Share via Facebook" target="_blank" class="social-links__link"> <div class="icon social-icons__facebook"> <svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 264 512" height="25" width="25" aria-labelledby="facebook-f1" role="img"><title id="facebook-f1">Follow us on Facebook</title><g id="facebook-f1_layer"><path d="M76.7 512V283H0v-91h76.7v-71.7C76.7 42.4 124.3 0 193.8 0c33.3 0 61.9 2.5 70.2 3.6V85h-48.2c-37.8 0-45.1 18-45.1 44.3V192H256l-11.7 91h-73.6v229"></path></g></svg> </div> </a> <a href="https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.linuxfoundation.org%2Fpress%2Fopenssf-announces-slsa-version-1.0-release&title=&summary=&source=" title="Share via LinkedIn" target="_blank" class="social-links__link"> <div class="icon social-icons__linkedin"> <svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 448 512" height="25" width="25" aria-labelledby="linkedin-in2" role="img"><title id="linkedin-in2">Follow us on LinkedIn</title><g id="linkedin-in2_layer"><path d="M100.3 480H7.4V180.9h92.9V480zM53.8 140.1C24.1 140.1 0 115.5 0 85.8 0 56.1 24.1 32 53.8 32c29.7 0 53.8 24.1 53.8 53.8 0 29.7-24.1 54.3-53.8 54.3zM448 480h-92.7V334.4c0-34.7-.7-79.2-48.3-79.2-48.3 0-55.7 37.7-55.7 76.7V480h-92.8V180.9h89.1v40.8h1.3c12.4-23.5 42.7-48.3 87.9-48.3 94 0 111.3 61.9 111.3 142.3V480z"></path></g></svg> </div> </a> </div> </div> </div> </section></div> </div> </div> </div> <div class="col10 section--blog-post"> <div class="blog-post__post-info"> <span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text"><p><em>Framework for Improving Software Supply Chain Security Announces Stable Release, Helps Secure Builds Against Supply Chain Attacks  </em></p> <p><strong>SAN FRANCISCO, CA, April 19, 2023</strong><span> </span>– The Open Source Security Foundation (OpenSSF) is proud to announce the release of version 1.0 of Supply-chain Levels for Software Artifacts (<a href="https://slsa.dev/" data-feathr-click-track="true" data-feathr-link-aids="["5e59d3cf27f56a08159cd952"]">SLSA</a>, pronounced “salsa”). SLSA is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. SLSA’s framework is organized into a series of levels that describe increasing security rigor, designed to give confidence that software hasn’t been tampered with and can be securely traced back to its source. SLSA is a supply chain security language that everyone can speak to help identify where software stands and how to mature their security posture.</p> <p>“The OpenSSF is working hard to put more rigor into the software development process,” said Brian Behlendorf, General Manager of the OpenSSF. “The stable release of SLSA v1.0 is an important milestone in improving software supply chain security and providing organizations with the tools they need to protect their software.”</p> <p>Supply chain attacks are an ever-present threat, exploiting weak points in the process of building and distributing software to interfere with it. SLSA provides a framework to prevent source code and build system tampering. The specification set by SLSA is useful for both software producers and consumers: producers can follow SLSA’s guidelines to make their software supply chain more secure, and consumers can use SLSA to make decisions about whether to trust a software package. </p> <p>SLSA offers:</p> <ul> <li>A common vocabulary to talk about software supply chain security</li> <li>A way to assess your upstream dependencies by evaluating the trustworthiness of the artifacts you consume such as source code, builds, and container images</li> <li>An actionable checklist to improve your own software’s security</li> <li>A way to measure your efforts toward compliance with forthcoming Executive Order standards in the Secure Software Development Framework (SSDF)</li> </ul> <p>SLSA aims to create a comprehensive, adaptable framework that addresses critical pieces of software supply chain security. The SLSA v1.0 release makes a significant conceptual change in the division of SLSA’s level requirements into multiple tracks, with each focusing on one area of the software supply chain, such as build, source, and dependencies. Previously, there was a single track, but this new division makes SLSA adoption easier for users. SLSA v1.0 starts with the Build Track, which establishes a robust foundation on which to expand the framework to address other critical aspects of the Software Delivery Lifecycle. SLSA Tracks help end users, whether they are open source project maintainers or companies, better understand and mitigate the risks associated with software supply chains, and ultimately develop more secure and reliable software.</p> <p>There are many benefits of adopting SLSA for:</p> <ul> <li><strong>Software producers</strong>, such as a software vendor or a team writing first-party code for use within the same company. SLSA gives you protection against tampering along the supply chain to your consumers, both reducing insider risk and increasing confidence that the software you produce reaches your consumers as you intended. For open source projects and ecosystems, SLSA provides a framework to demonstrate that your releases contain source code and dependencies that haven’t been tampered with. Since many open source projects are volunteer-run,<span> </span><a href="https://slsa.dev/blog/2022/08/slsa-github-workflows-generic-ga" data-feathr-click-track="true" data-feathr-link-aids="["5e59d3cf27f56a08159cd952"]">tools are available</a><span> </span>to easily add SLSA to existing projects.</li> <li><strong>Software consumers</strong>, such as a development team using open source packages, a government agency using vendored software, or a CISO judging organizational risk. SLSA gives you a way to judge the security practices of the software you rely on and be sure that what you receive is what you expected.</li> <li><strong>Infrastructure providers</strong>, who provide infrastructure such as an ecosystem package manager, build platform, or CI/CD system. As the bridge between the producers and consumers, your adoption of SLSA enables a secure software supply chain between them.</li> </ul> <p>The stable release of the SLSA 1.0 Build Track lowers the barrier of entry for improvements, helps you focus efforts on improving your build, and reduces the chances of tampering across a large swath of the supply chain.</p> <p>To begin using SLSA, visit<span> </span><a href="https://slsa.dev/" data-feathr-click-track="true" data-feathr-link-aids="["5e59d3cf27f56a08159cd952"]">https://slsa.dev/</a>.</p> <p> </p> <p><strong>Contributing Company Quotes </strong></p> <h3>ActiveState</h3> <p>In development, you can’t optimize what you can’t measure, and this is why SLSA is exciting; it provides auditable data, in machine-readable form, that validates the chain of custody from code authors to the binaries deployed in production systems. It gives us the provenance of binaries used in sensitive operating environments, so we can make informed decisions on whether or not to trust and incorporate certain packages into builds. These are foundational concepts to actually achieving what has largely been a buzz-phrase; supply chain security. At ActiveState, we make it easy for technical teams to enact SLSA by allowing our customers to identify and trust good faith components with the most complete provenance, automatically available in our platform as attestations and SBOMs.</p> <p>– Scott Robertson, CTO, ActiveState</p> <h3>Chainguard</h3> <p>The evolution of SLSA since our original proof of concept in 2021 has been remarkable, positioning it as one of the most accessible frameworks for implementing software supply chain security practices today. The release of SLSA v1.0 represents a significant step forward in building trust between software consumers and producers, as it provides a well-established framework that outlines how software is protected and developed based on software supply chain security principles. At Chainguard, we are invested in advancing SLSA as a critical industry standard while adhering to its core principles to ensure the integrity of our offerings and the open-source community projects we maintain. We support the OpenSSF’s ongoing efforts to further develop SLSA, enabling more organizations and community projects to achieve their security objectives.</p> <p>– Kim Lewandowski, Head of Product and Co-Founder, Chainguard </p> <h3>Google</h3> <p>SLSA 1.0 is a major milestone in the journey to secure our software supply chains. It is the culmination of two years of collaboration with the open source community, and it builds on Google’s experience protecting production workloads for a decade. SLSA provides a common framework for assessing the security of software supply chains, and it will help organizations to make informed decisions about the software they use. I am excited to see the impact that SLSA will have on the security of our software supply chains. </p> <p>– Abhishek Arya, Engineering Director, Google Open Source Security Team</p> <h3>IBM</h3> <p>At IBM, belief in the power of Open Innovation is driving our current actions and future plans. That is why we have been actively contributing to the Supply chain Levels for Software Artifacts (SLSA) v1.0 specification. By openly collaborating with the OpenSSF community to provide build integrity clarity, package consistency, and adopt-ability at scale, we are certain this framework will help software developers restrict tampering, improve integrity, and better secure packages and infrastructure in software supply chains.</p> <p>– Jamie Thomas, General Manager, Infrastructure Strategy & Development IBM </p> <h3>Intel </h3> <p>In today’s interconnected world, software supply chain security is crucial to ensure the safety and reliability of the software we use. With the increasing complexity and interdependence of software systems, any compromise in the software supply chain can have severe consequences for individuals, organizations, and society. SLSA is a major milestone in building this common framework aimed at solving a very real problem and hard to tackle. I am excited to have SLSA as a common ground enabling the reusability and composability of the software economy with a trustworthy software supply chain foundation.</p> <p>– Bruno Domingues, CTO – Worldwide Financial Services and Principal Engineer, Intel</p> <h3>Kusari</h3> <p>As a member of the SLSA steering committee, I am thrilled to see the release of SLSA 1.0. This milestone signifies the collective efforts of the SLSA, OpenSSF and the broader open source security community in creating a critical framework that enhances the security of our software supply chains. At Kusari, we are committed to adopting and promoting SLSA as a key piece in the cybersecurity picture. Together, we’re driving innovation while safeguarding the future of the technology we all use.</p> <p>– Michael Lieberman, CTO, Kusari</p> <h3>Microsoft </h3> <p>Being an active member and contributor within the OpenSSF allows Microsoft to empower every person and every organization on the planet to do more…<span> </span><em>securely</em>. By contributing to OpenSSF’s Supply chain Levels for Software Artifacts (SLSA) v1.0 Build Track, our commitment to empowerment and the ability to do more, securely, is on display with true partnership in mind. In conjunction with the consumer-focused Secure Supply Chain Consumption Framework (S2C2F), also developed openly with the OpenSSF, the release of the producer-focused SLSA is a testament to what can be accomplished when we come together towards the creation of a first-of-its-kind collaborative and trusted framework. Through this collaboration, we are able to produce the most up-to-date and scalable security controls and maturity levels which strengthen our software and supply chain security.</p> <p>– Mark Russinovich, Azure CTO and Technical Fellow, Microsoft</p> <h3>Red Hat</h3> <p>At Red Hat, we understand that product security can be a complicated issue for companies of all sizes. That’s why we are committed to simplifying it by supporting initiatives like the SLSA and OpenSSF. We believe that transparency is essential in protecting our customers’ interests. As we continue to pursue our goals in supply chain security, we will use SLSA and other industry standards to provide customers with greater visibility into our security initiatives. As an open-source company, we value collaboration and SLSA is a perfect example of what can be achieved when people come together to create widely accepted criteria to strengthen software security.  </p> <p>– Emmy Eide, Director, Red Hat</p> <h3>VMware</h3> <p>SLSA’s 1.0 specification brings a shared system of expectations around open source project security posture.  The initial three levels enable more robust conversation and reasoning across the ecosystem’s complex producer-consumer networks.  VMware sees SLSA as a positive contribution toward ever improved trustworthiness both in the open source artifacts we create and from the community projects which underpin and accelerate our own offerings.</p> <p>– Tim Pepper, Principal Engineer / VP, VMware</p> <p><strong>End User Company Quote</strong></p> <h3>GitHub</h3> <p>As we continue to enhance the security of how npm packages are built, the SLSA framework has served as a launchpad for us in determining what capabilities to provide. It has been instrumental in moving forward the security of open source packages in a way that makes sense for users, open source maintainers, and vendors.</p> <p>– Zach Steindler, Principal Security Engineer, GitHub</p> <p> </p> <h3>About the OpenSSF</h3> <p>The Open Source Security Foundation (OpenSSF) is a cross-industry organization hosted by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at<span> </span><a href="https://openssf.org/?hsLang=en" data-feathr-click-track="true" data-feathr-link-aids="["5e59d3cf27f56a08159cd952"]">openssf.org</a>.</p> <h4>Media Contact</h4> <p>Jennifer Bly</p> <p>OpenSSF</p> <p>jbly@linuxfoundation.org</p></span> </div> <div id="stop" class="post-meta-infos flex-row mb--md linux-box bg--secondary jc--space-between"> <div class="col2 author__avatar-name mt--sm"> <div class="hs-author-avatar align--center"> <svg width="126" height="126" viewbox="0 0 126 126" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M25.1418 100.884V50.6897H0V126H75.3103V100.884H25.1418Z" fill="white" /> <path d="M126 0H0V37.7923H25.2154V25.3232H100.823V100.792H88.2346V126H126V0Z" fill="white" /> </svg> </div> </div> <div class="col10 ml--sm author__bio"> <h3 class="text-color--white"> About The Linux Foundation </h3> <p class="text-color--white">The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.</p> </div> </div> </div> <div class="col3 sidebar-right ml--sm" style="visibility:hidden !important;"> <div class="blog-post__sidebar"> </div> </div> </div> </div> </main> </main> <div id="hs_cos_wrapper_module_16613593312364" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"> <section id="sticky-form" class="section--module_16613593312364 section--footer_form "> <div class="form__container hs-form bg--secondary pb--md pt--md"> <div class="section-wrapper"> <div class="footer_form_title"><h3>Stay Connected with the Linux Foundation</h3></div> <div class="footer__form align-items--center"> <span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form"><h3 id="hs_cos_wrapper_form_685573152_title" class="hs_cos_wrapper form-title" data-hs-cos-general-type="widget_field" data-hs-cos-type="text"></h3> <div id="hs_form_target_form_685573152"></div> </span> </div> </div> </div> </section> <footer class="section--module_16613593312364 section--footer pt--xs"> <div class="footer section-wrapper"> <div class="footer__wrapper"> <div class="footer__container flex-row jc--space-between"> <div class="footer__left pt--xs col4"> <div class="footer__logo"> <a href="https://linuxfoundation.org"> <img src="https://www.linuxfoundation.org/hubfs/LF%20Logo%20White.svg" alt="LF Logo White" height="50" style="height:50px;"> </a> </div> <p class="footer__title">ABOUT THE LINUX FOUNDATION</p> <p class="footer__content">The Linux Foundation provides a neutral, trusted hub for developers to code, manage, and scale open technology projects.</p> <div class="footer__info-menu"><span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16613593312364_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about" role="menuitem" target="_self">About the LF</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about/leadership" role="menuitem" target="_self">Leadership</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/careers" role="menuitem" target="_self">Careers</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about/members" role="menuitem" target="_self">Corporate Members</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about/diversity-inclusivity" role="menuitem" target="_self">Diversity & Inclusivity</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/brand-guidelines" role="menuitem" target="_self">Brand Guidelines</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/about/contact" role="menuitem" target="_self">Contact Us</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://linuxfoundation.store/" role="menuitem" target="_blank" rel="noopener">Store</a></li> </ul> </div></span></div> <div class="footer__social-links"> <a href="https://twitter.com/linuxfoundation" target="_blank" rel="noopener"> <span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_icon" style="" data-hs-cos-general-type="widget" data-hs-cos-type="icon"><svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 512 512" aria-hidden="true"><g id="Twitter1_layer"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z" /></g></svg></span></a> <a href="https://www.facebook.com/TheLinuxFoundation" target="_blank" rel="noopener"> <span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_icon" style="" data-hs-cos-general-type="widget" data-hs-cos-type="icon"><svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 320 512" aria-hidden="true"><g id="Facebook F2_layer"><path d="M279.14 288l14.22-92.66h-88.91v-60.13c0-25.35 12.42-50.06 52.24-50.06h40.42V6.26S260.43 0 225.36 0c-73.22 0-121.08 44.38-121.08 124.72v70.62H22.89V288h81.39v224h100.17V288z" /></g></svg></span></a> <a href="https://www.youtube.com/user/TheLinuxFoundation" target="_blank" rel="noopener"> <span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_icon" style="" data-hs-cos-general-type="widget" data-hs-cos-type="icon"><svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 576 512" aria-hidden="true"><g id="YouTube3_layer"><path d="M549.655 124.083c-6.281-23.65-24.787-42.276-48.284-48.597C458.781 64 288 64 288 64S117.22 64 74.629 75.486c-23.497 6.322-42.003 24.947-48.284 48.597-11.412 42.867-11.412 132.305-11.412 132.305s0 89.438 11.412 132.305c6.281 23.65 24.787 41.5 48.284 47.821C117.22 448 288 448 288 448s170.78 0 213.371-11.486c23.497-6.321 42.003-24.171 48.284-47.821 11.412-42.867 11.412-132.305 11.412-132.305s0-89.438-11.412-132.305zm-317.51 213.508V175.185l142.739 81.205-142.739 81.201z" /></g></svg></span></a> <a href="https://www.linkedin.com/company/208777" target="_blank" rel="noopener"> <span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_icon" style="" data-hs-cos-general-type="widget" data-hs-cos-type="icon"><svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 448 512" aria-hidden="true"><g id="LinkedIn In4_layer"><path d="M100.28 448H7.4V148.9h92.88zM53.79 108.1C24.09 108.1 0 83.5 0 53.8a53.79 53.79 0 0 1 107.58 0c0 29.7-24.1 54.3-53.79 54.3zM447.9 448h-92.68V302.4c0-34.7-.7-79.2-48.29-79.2-48.29 0-55.69 37.7-55.69 76.7V448h-92.78V148.9h89.08v40.8h1.3c12.4-23.5 42.69-48.3 87.88-48.3 94 0 111.28 61.9 111.28 142.3V448z" /></g></svg></span></a> <a href="https://github.com/LF-Engineering" target="_blank" rel="noopener"> <span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_icon" style="" data-hs-cos-general-type="widget" data-hs-cos-type="icon"><svg version="1.0" xmlns="http://www.w3.org/2000/svg" viewbox="0 0 496 512" aria-hidden="true"><g id="GitHub5_layer"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z" /></g></svg></span></a> </div> </div> <div class="footer__right col8 pt--xs align-items--top"> <div class="footer__right-content"> <div class="footer__right-content-menu menu-items-footer flex-row"> <div class="footer__row-list open-menu--1"> <div class="menu-group col3"> <div class="child-menu_links dropdown--1" aria-expanded="false"> <input class="footer_menu_arrow footer_menu_arrow-invert" type="checkbox" name="footer_menu_arrow" id="footer_menu_arrow"> <label for="footer_menu_arrow dropdown--1"></label> <p class="footer__menu-title letter__spacing">PROJECTS</p> <div class="menu-row"><span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16613593312364_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/projects" role="menuitem" target="_self">View All Projects</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/projects/hosting" role="menuitem" target="_self">Host Your Project</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/security" role="menuitem" target="_self">Security</a></li> </ul> </div></span></div> </div> </div> <div class="menu-group col3"> <div class="child-menu_links dropdown--2" aria-expanded="false"> <input class="footer_menu_arrow footer_menu_arrow-invert" type="checkbox" name="footer_menu_arrow" id="footer_menu_arrow"> <label for="footer_menu_arrow dropdown--2"></label> <p class="footer__menu-title letter__spacing">NEWSROOM</p> <div class="menu-row"><span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16613593312364_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/press" role="menuitem" target="_self">Press Releases</a></li> </ul> </div></span></div> </div> </div> <div class="menu-group col3"> <div class="child-menu_links dropdown--3" aria-expanded="false"> <input class="footer_menu_arrow footer_menu_arrow-invert" type="checkbox" name="footer_menu_arrow" id="footer_menu_arrow"> <label for="footer_menu_arrow dropdown--3"></label> <p class="footer__menu-title letter__spacing">LF RESEARCH</p> <div class="menu-row"><span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16613593312364_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/research" role="menuitem" target="_self">Latest Research</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/research/sponsorship" role="menuitem" target="_self">Sponsor a Study</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/research/leadership" role="menuitem" target="_self">Leadership & Advisory Board</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/research/lfr-forum" role="menuitem" target="_self">Research Forum</a></li> </ul> </div></span></div> </div> </div> <div class="menu-group col3"> <div class="child-menu_links dropdown--4" aria-expanded="false"> <input class="footer_menu_arrow footer_menu_arrow-invert" type="checkbox" name="footer_menu_arrow" id="footer_menu_arrow"> <label for="footer_menu_arrow dropdown--4"></label> <p class="footer__menu-title letter__spacing">LFX PLATFORM</p> <div class="menu-row"><span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16613593312364_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://lfx.linuxfoundation.org" role="menuitem" target="_blank" rel="noopener">LFX Home</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://myprofile.lfx.linuxfoundation.org/" role="menuitem" target="_blank" rel="noopener">LFX Tools</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://community.lfx.dev/" role="menuitem" target="_blank" rel="noopener">LFX Community Forum</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://openprofile.dev/" role="menuitem" target="_blank" rel="noopener">Create an LFX Account</a></li> </ul> </div></span></div> </div> </div> </div> <div class="footer__row-list open-menu--2"> <div class="menu-group col3"> <div class="child-menu_links dropdown--1" aria-expanded="false"> <input class="footer_menu_arrow footer_menu_arrow-invert" type="checkbox" name="footer_menu_arrow" id="footer_menu_arrow"> <label for="footer_menu_arrow dropdown--1"></label> <p class="footer__menu-title letter__spacing">RESOURCES</p> <div class="menu-row"><span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16613593312364_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/blog" role="menuitem" target="_self">Blog</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/resources/publications" role="menuitem" target="_self">Publications</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/resources/open-source-guides" role="menuitem" target="_self">Open Source Guides</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/webinars" role="menuitem" target="_self">Webinars</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linuxfoundation.org/resources/case-studies" role="menuitem" target="_self">Case Studies</a></li> </ul> </div></span></div> </div> </div> <div class="menu-group col3"> <div class="child-menu_links dropdown--2" aria-expanded="false"> <input class="footer_menu_arrow footer_menu_arrow-invert" type="checkbox" name="footer_menu_arrow" id="footer_menu_arrow"> <label for="footer_menu_arrow dropdown--2"></label> <p class="footer__menu-title letter__spacing">EVENTS</p> <div class="menu-row"><span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16613593312364_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://events.linuxfoundation.org/about/calendar/" role="menuitem" target="_blank" rel="noopener">Upcoming Events</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://events.linuxfoundation.org/about/sponsor/" role="menuitem" target="_blank" rel="noopener">Sponsor an Event</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://linuxfoundation.smapply.io/" role="menuitem" target="_blank" rel="noopener">Submit a Talk</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://events.linuxfoundation.org/about/code-of-conduct/" role="menuitem" target="_blank" rel="noopener">Code of Conduct</a></li> </ul> </div></span></div> </div> </div> <div class="menu-group col3"> <div class="child-menu_links dropdown--3" aria-expanded="false"> <input class="footer_menu_arrow footer_menu_arrow-invert" type="checkbox" name="footer_menu_arrow" id="footer_menu_arrow"> <label for="footer_menu_arrow dropdown--3"></label> <p class="footer__menu-title letter__spacing">LF EDUCATION</p> <div class="menu-row"><span id="hs_cos_wrapper_module_16613593312364_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_16613593312364_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu"> <ul role="menu"> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://training.linuxfoundation.org/" role="menuitem" target="_blank" rel="noopener">Home</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://training.linuxfoundation.org/full-catalog/" role="menuitem" target="_self">Course Catalog</a></li> <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://training.linuxfoundation.org/resources/" role="menuitem" target="_self">Resources</a></li> </ul> </div></span></div> </div> </div> </div> </div> </div> <div class="footer__info"> <p class="content_info"><span style="font-size: 12px; color: #ffffff;">Copyright © 2025 The Linux Foundation®. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For more information, including terms of use, privacy policy, and trademark usage, please see our <a href="/legal/policies?hsLang=en"><span style="font-size: 12px; color: #ffffff;">Policies</span></a> page. <a href="/legal/privacy-policy?hsLang=en"><span style="font-size: 12px; color: #ffffff;">Privacy Policy</span></a> | <a href="/legal/trademark-usage?hsLang=en"><span style="font-size: 12px; color: #ffffff;">Trademark Usage</span></a></span></p> </div> </div> </div> </div> </div> </footer></div>  <script defer src="/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script> <script> var hsVars = hsVars || {}; hsVars['language'] = 'en'; </script> <script src="/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js"></script> <script src="https://www.linuxfoundation.org/hs-fs/hub/8112310/hub_generated/template_assets/80245626652/1669227112886/2022_-_BZ_Linux_Foundation_Theme/assets/js/magnific-popup.min.js"></script> <script src="https://www.linuxfoundation.org/hs-fs/hub/8112310/hub_generated/module_assets/76935915621/1668017286064/module_76935915621_Main_Mega_Header.min.js"></script> <script> function myFunction(x) { x.classList.toggle("change"); } function openSlideMenu() { document.getElementById('burger-menu').classList.toggle("open"); } function closeSlideMenu() { document.getElementById('burger-menu').style.width = '0px'; } </script> <script src="https://www.linuxfoundation.org/hs-fs/hub/8112310/hub_generated/template_assets/77282240621/1669227119072/2022_-_BZ_Linux_Foundation_Theme/assets/js/main.min.js"></script> <script src="https://www.linuxfoundation.org/hs-fs/hub/8112310/hub_generated/module_assets/77362524751/1712755318121/module_77362524751_Main_Mega_Footer.min.js"></script>  <script data-hs-allowed="true" src="/_hcms/forms/v2.js"></script> <script data-hs-allowed="true"> var options = { portalId: '8112310', formId: 'e5c83800-1206-402c-9050-decfe094cca8', formInstanceId: '6757', pageId: '111713836074', region: 'na1', pageName: "OpenSSF Announces SLSA Version 1.0 Release", inlineMessage: "Thanks for submitting the form. You have been added to the subscriber list. ", rawInlineMessage: "Thanks for submitting the form. You have been added to the subscriber list. ", hsFormKey: "7f74087501ded49e4ffe357a87f48448", css: '', target: '#hs_form_target_form_685573152', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script>  <script type="text/javascript"> var _hsq = _hsq || []; _hsq.push(["setContentType", "blog-post"]); _hsq.push(["setCanonicalUrl", "https:\/\/www.linuxfoundation.org\/press\/openssf-announces-slsa-version-1.0-release"]); _hsq.push(["setPageId", "111713836074"]); _hsq.push(["setContentMetadata", { "contentPageId": 111713836074, "legacyPageId": "111713836074", "contentFolderId": null, "contentGroupId": 83688301748, "abTestId": null, "languageVariantId": 111713836074, "languageCode": "en", }]); </script> <script type="text/javascript" id="hs-script-loader" async defer src="/hs/scriptloader/8112310.js?businessUnitId=0"></script>  <script type="text/javascript"> var hsVars = { render_id: "3398acc9-7fa1-493c-a0b4-967b2751be85", ticks: 1739123274464, page_id: 111713836074, content_group_id: 83688301748, portal_id: 8112310, app_hs_base_url: "https://app.hubspot.com", cp_hs_base_url: "https://cp.hubspot.com", language: "en", analytics_page_type: "blog-post", scp_content_type: "", analytics_page_id: "111713836074", category_id: 3, folder_id: 0, is_hubspot_user: false } </script> <script defer src="/hs/hsstatic/HubspotToolsMenu/static-1.393/js/index.js"></script>  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WWBXMJK" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>  <div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v3.0"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> </body></html>

CINXE.COM

OpenSSF Announces SLSA Version 1.0 Release