<!DOCTYPE html> <html lang="en"><head> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width, initial-scale=1" /><!-- Begin Jekyll SEO tag v2.8.0 --> <meta name="generator" content="Jekyll v3.9.5" /> <meta property="og:title" content="Software attestations" /> <meta property="og:locale" content="en_US" /> <meta name="description" content="A software attestation is an authenticated statement (metadata) about a software artifact or collection of software artifacts. The primary intended use case is to feed into automated policy engines, such as in-toto and Binary Authorization. This page provides a high-level overview of the attestation model, including standardized terminology, data model, layers, and conventions for software attestations." /> <meta property="og:description" content="A software attestation is an authenticated statement (metadata) about a software artifact or collection of software artifacts. The primary intended use case is to feed into automated policy engines, such as in-toto and Binary Authorization. This page provides a high-level overview of the attestation model, including standardized terminology, data model, layers, and conventions for software attestations." /> <meta property="og:site_name" content="SLSA" /> <meta property="og:image" content="/images/icons/android-chrome-192x192.png" /> <meta property="og:type" content="website" /> <meta name="twitter:card" content="summary_large_image" /> <meta property="twitter:image" content="/images/icons/android-chrome-192x192.png" /> <meta property="twitter:title" content="Software attestations" /> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"WebPage","description":"A software attestation is an authenticated statement (metadata) about a software artifact or collection of software artifacts. 
The primary intended use case is to feed into automated policy engines, such as in-toto and Binary Authorization. This page provides a high-level overview of the attestation model, including standardized terminology, data model, layers, and conventions for software attestations.","headline":"Software attestations","image":"/images/icons/android-chrome-192x192.png","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"/images/icons/android-chrome-512x512.png"}},"url":"/attestation-model"}</script> <!-- End Jekyll SEO tag --> <link rel="stylesheet" href="/vendor/tailwindcss-2.2.19/tailwind.min.css"> <link rel="stylesheet" href="/assets/main.css"> <link rel="apple-touch-icon" sizes="180x180" href="/images/icons/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/images/icons/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/images/icons/favicon-16x16.png"> <link rel="icon" type="image/png" sizes="16x16" href="/images/icons/favicon-16x16.png"> <link rel="icon" type="image/x-icon" href="/images/icons/favicon.ico"> <link rel="mask-icon" href="/images/icons/safari-pinned-tab.svg" color="#5bbad5"> <meta name="msapplication-TileColor" content="#da532c" /> <meta name="msapplication-square150x150logo" content="/images/icons/mstile-150x150.png" /> <meta name="theme-color" content="#ffffff" /> <title>SLSA • Software attestations</title> <link rel="stylesheet" href="/fonts/inter/inter.css"> <link rel="stylesheet" href="/fonts/ibm_plex/IBMPlexMono-Regular.css"> <link rel="stylesheet" href="/fonts/prodigy/ProdigySans.css"> <script src="/vendor/swiper-6.8.4/swiper-bundle.min.js"></script> <link rel="stylesheet" href="/vendor/swiper-6.8.4/swiper-bundle.min.css"> <script defer src="/vendor/alpinejs-3.10.2/cdn.min.js"></script><link type="application/atom+xml" rel="alternate" href="/feed.xml" title="SLSA" /></head> <body x-data="{navOpen: false}" x-init="$refs.body.style.setProperty('--scrollbar-width', 
`${window.innerWidth - document.body.offsetWidth}px`)" x-ref="body" ><aside class="site-aside flex flex-col flex-none" :class="{'is-open': navOpen}" > <div class="aside-header p-5 flex justify-between items-center show-laptop"> <a rel="author" href="/" class="logo block"> <img class="logo-white" src="/images/logo.svg" alt="SLSA logo" /> </a> <a class="desktop-github-icon" href="https://github.com/slsa-framework/slsa" target="_blank"> <svg width="22" height="22" viewBox="0 0 22 22" fill="currentColor" xmlns="http://www.w3.org/2000/svg"> <path fill-rule="evenodd" clip-rule="evenodd" d="M11.2344 0.150879C5.28641 0.150879 0.468811 4.96848 0.468811 10.9165C0.468811 15.6803 3.55046 19.7039 7.82978 21.1303C8.36806 21.2245 8.56991 20.9016 8.56991 20.619C8.56991 20.3633 8.55646 19.5155 8.55646 18.6139C5.8516 19.1118 5.15184 17.9545 4.93653 17.3489C4.81541 17.0394 4.29059 16.084 3.83306 15.8283C3.45626 15.6264 2.91798 15.1285 3.8196 15.1151C4.66739 15.1016 5.27295 15.8956 5.47481 16.2185C6.44371 17.8468 7.99126 17.3893 8.61028 17.1067C8.70448 16.4069 8.98708 15.9359 9.29659 15.6668C6.90125 15.3977 4.39825 14.4691 4.39825 10.3513C4.39825 9.18051 4.81541 8.21161 5.50172 7.45802C5.39407 7.18888 5.01727 6.08541 5.60938 4.60514C5.60938 4.60514 6.51099 4.32254 8.56991 5.70861C9.43116 5.46639 10.3462 5.34527 11.2613 5.34527C12.1764 5.34527 13.0914 5.46639 13.9527 5.70861C16.0116 4.30909 16.9132 4.60514 16.9132 4.60514C17.5053 6.08541 17.1285 7.18888 17.0209 7.45802C17.7072 8.21161 18.1244 9.16706 18.1244 10.3513C18.1244 14.4826 15.6079 15.3977 13.2126 15.6668C13.6028 16.0032 13.9392 16.6492 13.9392 17.6584C13.9392 19.0983 13.9258 20.2556 13.9258 20.619C13.9258 20.9016 14.1276 21.238 14.6659 21.1303C16.8031 20.4088 18.6602 19.0353 19.9758 17.2031C21.2915 15.3708 21.9994 13.1721 22 10.9165C22 4.96848 17.1824 0.150879 11.2344 0.150879Z" /> </svg> </a> </div> <div class="aside-content px-5 py-1 flex-1 overflow-auto"> <!-- @@ there --> <nav class="site-nav"><ul><li> <a class="nav-link" 
href="/"> Home </a> </li><li> <a class="nav-link" href="/current-activities"> Current activities </a> </li><li> <a class="nav-link" href="/spec/v1.1-rc2/"> SLSA v1.1 RC2 </a> </li><li> <a class="nav-link" href="/spec/v1.1-rc1/"> SLSA v1.1 RC1 </a> </li><li> <a class="nav-link" href="/spec/v1.0/"> SLSA v1.0 </a> </li><li> <a class="nav-link" href="/spec/draft/"> SLSA Working Draft </a> </li><li> <a class="nav-link" href="/how-to/"> How to SLSA </a> </li><li> <a class="nav-link" href="/spec-stages"> Specification stages </a> </li><li> <a class="nav-link" href="/community"> Community </a> </li><li> <a class="nav-link" href="/blog"> Blog </a> </li> </ul> </nav> </div> </aside> <div class="site-main"> <header class="site-header flex-none" x-data="{ fixed: false, hidden: false, lastPos: window.scrollY, scrolledPast: false }" x-ref="navbar" x-on:scroll.window=" fixed = window.scrollY > lastPos ? window.scrollY >= $refs.navbar.offsetHeight : window.scrollY > 0; hidden = fixed && window.scrollY > lastPos; if (window.scrollY > $refs.navbar.offsetHeight && !scrolledPast) { setTimeout(() => $refs.navbar.classList.add('is-scrolled-past'), 500); scrolledPast = true; } else if (window.scrollY === 0) { $refs.navbar.classList.remove('is-scrolled-past'); scrolledPast = false; } lastPos = window.scrollY; " x-bind:class="{ 'is-fixed': fixed, 'is-hidden': hidden, 'menu-open': navOpen }" > <div class="site-header-inner h-full flex items-center gap-5" > <button x-on:click="navOpen = !navOpen" :class="{ 'active': navOpen }" class="mobile-menu-button inline-block hide-laptop"> <span></span> <span></span> <span></span> </button> <a rel="author" href="/" class="logo block"> <img class="logo-white" src="/images/logo.svg" alt="SLSA logo" /> </a> <a class="desktop-github-icon ml-auto" href="https://github.com/slsa-framework/slsa" target="_blank"> <svg width="22" height="22" viewBox="0 0 22 22" fill="currentColor" xmlns="http://www.w3.org/2000/svg"> <path fill-rule="evenodd" clip-rule="evenodd" 
d="M11.2344 0.150879C5.28641 0.150879 0.468811 4.96848 0.468811 10.9165C0.468811 15.6803 3.55046 19.7039 7.82978 21.1303C8.36806 21.2245 8.56991 20.9016 8.56991 20.619C8.56991 20.3633 8.55646 19.5155 8.55646 18.6139C5.8516 19.1118 5.15184 17.9545 4.93653 17.3489C4.81541 17.0394 4.29059 16.084 3.83306 15.8283C3.45626 15.6264 2.91798 15.1285 3.8196 15.1151C4.66739 15.1016 5.27295 15.8956 5.47481 16.2185C6.44371 17.8468 7.99126 17.3893 8.61028 17.1067C8.70448 16.4069 8.98708 15.9359 9.29659 15.6668C6.90125 15.3977 4.39825 14.4691 4.39825 10.3513C4.39825 9.18051 4.81541 8.21161 5.50172 7.45802C5.39407 7.18888 5.01727 6.08541 5.60938 4.60514C5.60938 4.60514 6.51099 4.32254 8.56991 5.70861C9.43116 5.46639 10.3462 5.34527 11.2613 5.34527C12.1764 5.34527 13.0914 5.46639 13.9527 5.70861C16.0116 4.30909 16.9132 4.60514 16.9132 4.60514C17.5053 6.08541 17.1285 7.18888 17.0209 7.45802C17.7072 8.21161 18.1244 9.16706 18.1244 10.3513C18.1244 14.4826 15.6079 15.3977 13.2126 15.6668C13.6028 16.0032 13.9392 16.6492 13.9392 17.6584C13.9392 19.0983 13.9258 20.2556 13.9258 20.619C13.9258 20.9016 14.1276 21.238 14.6659 21.1303C16.8031 20.4088 18.6602 19.0353 19.9758 17.2031C21.2915 15.3708 21.9994 13.1721 22 10.9165C22 4.96848 17.1824 0.150879 11.2344 0.150879Z" /> </svg> </a> </div> </header> <main class="site-clamp" aria-label="Content"> <header class="content-header"> <h1 class="mb-16">Software attestations</h1> </header> <div class="site-content has-toc"> <aside class="table-of-contents flex flex-col"> <div class="flex-auto rounded-lg p-4 border border-gray-400 overflow-auto"> <p class="header-small uppercase">On this page</p> <ul><li><a href="#overview">Overview</a></li><li><a href="#formats">Formats</a><ul><li><a href="#first-party">First party</a></li><li><a href="#open-source">Open source</a></li><li><a href="#closed-source-third-party">Closed source, third party</a></li></ul></li><li><a href="#model-and-terminology">Model and Terminology</a></li><li><a 
href="#recommended-suite">Recommended Suite</a></li></ul> </div> </aside> <div class="content markdown"> <p>A software attestation is an authenticated statement (metadata) about a software artifact or collection of software artifacts. The primary intended use case is to feed into automated policy engines, such as <a href="https://in-toto.io">in-toto</a> and <a href="https://cloud.google.com/binary-authorization">Binary Authorization</a>.</p> <p>This page provides a high-level overview of the attestation model, including standardized terminology, data model, layers, conventions for software attestations, and formats for different use cases.</p> <h2 id="overview">Overview</h2> <p>A <strong>software attestation</strong>, not to be confused with a <a href="https://en.wikipedia.org/wiki/Trusted_Computing#Remote_attestation">remote attestation</a> in the trusted computing world, is an authenticated statement (metadata) about a software artifact or collection of software artifacts. Software attestations are a generalization of raw artifact/code signing.</p> <p>With raw signing, a signature is directly over the artifact (or a hash of the artifact) and <em>implies</em> a single bit of metadata about the artifact, based on the public key. The exact meaning MUST be negotiated between signer and verifier, and a new keyset MUST be provisioned for each bit of information. For example, a signature might denote who produced an artifact, or it might denote fitness for some purpose, or something else entirely.</p> <p>With an attestation, the metadata is <em>explicit</em> and the signature only denotes who created the attestation (authenticity). A single keyset can express an arbitrary amount of information, including things that are not possible with raw signing. 
For example, an attestation might state exactly how an artifact was produced, including the build command that was run and all of its dependencies (as in the case of SLSA <a href="/provenance">Provenance</a>).</p> <h2 id="formats">Formats</h2> <p>This section explains how to choose the attestation format that’s best suited for your situation by considering factors such as intended use and who will be consuming the attestation.</p> <h3 id="first-party">First party</h3> <p>Producers of first party code might consider the following questions:</p> <ul> <li>Will SLSA be used only within our organization?</li> <li>Is SLSA’s primary use case to manage insider risk?</li> <li>Are we developing entirely in a closed source environment?</li> </ul> <p>If these are the main considerations, the organization can choose any format for internal use. To make an external claim of meeting a SLSA level, however, there needs to be a way for external users to consume and verify your provenance. Currently, SLSA recommends using the <a href="/provenance/v1">SLSA Provenance format</a> for SLSA attestations since it is easy to verify using the <a href="https://github.com/slsa-framework/slsa-verifier">Generic SLSA Verifier</a>.</p> <h3 id="open-source">Open source</h3> <p>Producers of open source code might consider these questions:</p> <ul> <li>Is SLSA’s primary use case to convey trust in how your code was developed?</li> <li>Do you develop software with standard open source licenses?</li> <li>Will the code be consumed by others?</li> </ul> <p>In these situations, we encourage you to use the <a href="/provenance/v1">SLSA Provenance format</a>. The SLSA Provenance format offers a path towards interoperability and cohesion across the open source ecosystem. 
Users can verify any provenance statement in this format using the <a href="https://github.com/slsa-framework/slsa-verifier">Generic SLSA Verifier</a>.</p> <h3 id="closed-source-third-party">Closed source, third party</h3> <p>Producers of closed source code that is consumed by others might consider the following questions:</p> <ul> <li>Is my code produced for the sole purpose of specific third party consumers?</li> <li>Is SLSA’s primary use case to create trust in our organization or to comply with audits and legal requirements?</li> </ul> <p>In these situations, you might not want to make all the details of your provenance available externally. Consider using Verification Summary Attestations (VSAs) to summarize provenance information in a sanitized way that’s safe for external consumption. For more about VSAs, see the <a href="/verification_summary/v1">Verification Summary Attestation</a> page.</p> <h2 id="model-and-terminology">Model and Terminology</h2> <p>We define the following model to represent any software attestations, regardless of format. Not all formats will have all fields or all layers, but to be called a “software attestation” it MUST fit this general model.</p> <p>The key words MUST, SHOULD, and MAY are to be interpreted as described in <a href="https://tools.ietf.org/html/rfc2119">RFC 2119</a>.</p> <p><img src="/images/attestation_layers.svg" alt="Attestation model diagram" /></p> <p>An example of an attestation in English follows with the components of the attestation mapped to the component names (and colors from the model diagram above):</p> <p><img src="/images/attestation_example_english.svg" alt="Attestation model to English mapping" /></p> <p>Components:</p> <ul> <li><strong>Artifact:</strong> Immutable blob of data described by an attestation, usually identified by cryptographic content hash. Examples: file content, git commit, container digest. 
MAY also include a mutable locator, such as a package name or URI.</li> <li><strong>Attestation:</strong> Authenticated, machine-readable metadata about one or more software artifacts. An attestation MUST contain at least: <ul> <li><strong>Envelope:</strong> Authenticates the message. At a minimum, it MUST contain: <ul> <li><strong>Message:</strong> Content (statement) of the attestation. The message type SHOULD be authenticated and unambiguous to avoid confusion attacks.</li> <li><strong>Signature:</strong> Denotes the <strong>attester</strong> who created the attestation.</li> </ul> </li> <li><strong>Statement:</strong> Binds the attestation to a particular set of artifacts. This is a separate layer to allow for predicate-agnostic processing and storage/lookup. MUST contain at least: <ul> <li><strong>Subject:</strong> Identifies which artifacts the predicate applies to.</li> <li><strong>Predicate:</strong> Metadata about the subject. The predicate type SHOULD be explicit to avoid misinterpretation.</li> </ul> </li> <li><strong>Predicate:</strong> Arbitrary metadata in a predicate-specific schema. MAY contain: <ul> <li><strong>Link:</strong> <em>(repeated)</em> Reference to a related artifact, such as a build dependency. Effectively forms a <a href="https://en.wikipedia.org/wiki/Hypergraph">hypergraph</a> where the nodes are artifacts and the hyperedges are attestations. It is helpful for the link to be standardized to allow predicate-agnostic graph processing.</li> </ul> </li> </ul> </li> <li><strong>Bundle:</strong> A collection of Attestations, which are usually but not necessarily related.</li> <li><strong>Storage/Lookup:</strong> Convention for where attesters place attestations and how verifiers find attestations for a given artifact.</li> </ul> <h2 id="recommended-suite">Recommended Suite</h2> <p>We recommend a single suite of formats and conventions that work well together and have desirable security properties. 
Our hope is to align the industry around this particular suite because it makes everything easier. That said, we recognize that other choices MAY be necessary in various cases.</p> <table> <thead> <tr> <th>Component</th> <th>Recommendation</th> </tr> </thead> <tbody> <tr> <td>Envelope</td> <td><strong><a href="https://github.com/secure-systems-lab/dsse/">DSSE</a></strong> (ECDSA over NIST P-256 or stronger, and SHA-256)</td> </tr> <tr> <td>Statement</td> <td><strong><a href="https://github.com/in-toto/attestation/">in-toto attestations</a></strong></td> </tr> <tr> <td>Predicate</td> <td>Choose as appropriate, e.g. <a href="/provenance">Provenance</a>, <a href="https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md">SPDX</a>, <a href="https://github.com/in-toto/attestation/issues/98">other predicates defined by third parties</a>. If none are a good fit, invent a new one.</td> </tr> <tr> <td>Bundle</td> <td><strong><a href="https://jsonlines.org/">JSON Lines</a></strong>, see <a href="https://github.com/in-toto/attestation/blob/main/spec/v1/bundle.md">attestation bundle</a></td> </tr> <tr> <td>Storage/Lookup</td> <td><strong>TBD</strong></td> </tr> </tbody> </table> </div> </div> </main><footer class="site-footer flex-none h-card text-white"> <div class="site-clamp py-4 flex flex-wrap items-start justify-between w-full"> <div class="w-full md:w-1/3 mb-8 md:mb-0"> <p><strong>SLSA is a cross-industry collaboration.</strong><br> © 2025 The Linux Foundation, under the terms of the <a href="https://github.com/slsa-framework/governance">Community Specification License 1.0</a></p> </div> <div class="w-full md:w-1/3 mb-8 md:mb-0"> <p><strong>Privacy statement</strong><br> We use <a href="https://goatcounter.com">GoatCounter</a> to help us improve our website by collecting and reporting information on how it's used. We do not store advertising or tracking cookies. 
The information we collect does not identify anyone and does not track an individual's use of the site.</p> </div> <div class="w-full md:w-1/4 mb-8 md:mb-0 flex md:justify-end"> <p> <a href="https://github.com/slsa-framework/slsa/blob/d96a405bf711527f6baa4d721add61a3dc2cc4c9/docs/attestation-model.md?plain=1" target="_blank" class="flex gap-4 h5 font-normal"> View source on GitHub <svg width="22" height="22" viewBox="0 0 22 22" fill="none" xmlns="http://www.w3.org/2000/svg"> <path fill-rule="evenodd" clip-rule="evenodd" d="M11.2344 0.150879C5.28641 0.150879 0.468811 4.96848 0.468811 10.9165C0.468811 15.6803 3.55046 19.7039 7.82978 21.1303C8.36806 21.2245 8.56991 20.9016 8.56991 20.619C8.56991 20.3633 8.55646 19.5155 8.55646 18.6139C5.8516 19.1118 5.15184 17.9545 4.93653 17.3489C4.81541 17.0394 4.29059 16.084 3.83306 15.8283C3.45626 15.6264 2.91798 15.1285 3.8196 15.1151C4.66739 15.1016 5.27295 15.8956 5.47481 16.2185C6.44371 17.8468 7.99126 17.3893 8.61028 17.1067C8.70448 16.4069 8.98708 15.9359 9.29659 15.6668C6.90125 15.3977 4.39825 14.4691 4.39825 10.3513C4.39825 9.18051 4.81541 8.21161 5.50172 7.45802C5.39407 7.18888 5.01727 6.08541 5.60938 4.60514C5.60938 4.60514 6.51099 4.32254 8.56991 5.70861C9.43116 5.46639 10.3462 5.34527 11.2613 5.34527C12.1764 5.34527 13.0914 5.46639 13.9527 5.70861C16.0116 4.30909 16.9132 4.60514 16.9132 4.60514C17.5053 6.08541 17.1285 7.18888 17.0209 7.45802C17.7072 8.21161 18.1244 9.16706 18.1244 10.3513C18.1244 14.4826 15.6079 15.3977 13.2126 15.6668C13.6028 16.0032 13.9392 16.6492 13.9392 17.6584C13.9392 19.0983 13.9258 20.2556 13.9258 20.619C13.9258 20.9016 14.1276 21.238 14.6659 21.1303C16.8031 20.4088 18.6602 19.0353 19.9758 17.2031C21.2915 15.3708 21.9994 13.1721 22 10.9165C22 4.96848 17.1824 0.150879 11.2344 0.150879Z" fill="white"/> </svg> </a> <br> This site is powered by <a href="https://www.netlify.com">Netlify</a> </p> </div> </div> <div class="site-clamp py-4 flex items-start justify-between w-full mb-16 md:mb-0"> <a 
rel="author" href="/"><img src="/images/logo.svg" alt="SLSA logo" /></a> </div> </footer> </div> </body> </html>