CINXE.COM
SLSA • Supply-chain Levels for Software Artifacts
<!DOCTYPE html> <html lang="en"><head> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width, initial-scale=1" /><!-- Begin Jekyll SEO tag v2.8.0 --> <meta name="generator" content="Jekyll v3.9.5" /> <meta property="og:title" content="Supply-chain Levels for Software Artifacts" /> <meta property="og:locale" content="en_US" /> <meta name="description" content="SLSA is a security framework. It is a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises. It’s how you get from safe enough to being as resilient as possible, at any link in the chain." /> <meta property="og:description" content="SLSA is a security framework. It is a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises. It’s how you get from safe enough to being as resilient as possible, at any link in the chain." /> <meta property="og:site_name" content="SLSA" /> <meta property="og:image" content="/images/icons/android-chrome-192x192.png" /> <meta property="og:type" content="website" /> <meta name="twitter:card" content="summary_large_image" /> <meta property="twitter:image" content="/images/icons/android-chrome-192x192.png" /> <meta property="twitter:title" content="Supply-chain Levels for Software Artifacts" /> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"WebSite","description":"SLSA is a security framework. It is a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises. It’s how you get from safe enough to being as resilient as possible, at any link in the chain.","headline":"Supply-chain Levels for Software Artifacts","image":"/images/icons/android-chrome-192x192.png","name":"SLSA","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"/images/icons/android-chrome-512x512.png"}},"url":"/"}</script> <!-- End Jekyll SEO tag --> <link rel="stylesheet" href="/vendor/tailwindcss-2.2.19/tailwind.min.css"> <link rel="stylesheet" href="/assets/main.css"> <link rel="apple-touch-icon" sizes="180x180" href="/images/icons/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/images/icons/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/images/icons/favicon-16x16.png"> <link rel="icon" type="image/png" sizes="16x16" href="/images/icons/favicon-16x16.png"> <link rel="icon" type="image/x-icon" href="/images/icons/favicon.ico"> <link rel="mask-icon" href="/images/icons/safari-pinned-tab.svg" color="#5bbad5"> <meta name="msapplication-TileColor" content="#da532c" /> <meta name="msapplication-square150x150logo" content="/images/icons/mstile-150x150.png" /> <meta name="theme-color" content="#ffffff" /> <title>SLSA • Supply-chain Levels for Software Artifacts</title> <link rel="stylesheet" href="/fonts/inter/inter.css"> <link rel="stylesheet" href="/fonts/ibm_plex/IBMPlexMono-Regular.css"> <link rel="stylesheet" href="/fonts/prodigy/ProdigySans.css"> <script src="/vendor/swiper-6.8.4/swiper-bundle.min.js"></script> <link rel="stylesheet" href="/vendor/swiper-6.8.4/swiper-bundle.min.css"> <script defer src="/vendor/alpinejs-3.10.2/cdn.min.js"></script><link type="application/atom+xml" rel="alternate" href="/feed.xml" title="SLSA" /></head> <body class="home-page" x-data="{navOpen: false}" x-init="$refs.body.style.setProperty('--scrollbar-width', `${window.innerWidth - document.body.offsetWidth}px`)" x-ref="body" ><aside class="site-aside flex flex-col flex-none" :class="{'is-open': navOpen}" > <div class="aside-header p-5 flex justify-between items-center show-laptop"> <a rel="author" href="/" class="logo block"> <img class="logo-white" src="/images/logo.svg" alt="SLSA logo" /> </a> <a class="desktop-github-icon" href="https://github.com/slsa-framework/slsa" target="_blank"> <svg width="22" height="22" viewBox="0 0 22 22" fill="currentColor" xmlns="http://www.w3.org/2000/svg"> <path fill-rule="evenodd" clip-rule="evenodd" d="M11.2344 0.150879C5.28641 0.150879 0.468811 4.96848 0.468811 10.9165C0.468811 15.6803 3.55046 19.7039 7.82978 21.1303C8.36806 21.2245 8.56991 20.9016 8.56991 20.619C8.56991 20.3633 8.55646 19.5155 8.55646 18.6139C5.8516 19.1118 5.15184 17.9545 4.93653 17.3489C4.81541 17.0394 4.29059 16.084 3.83306 15.8283C3.45626 15.6264 2.91798 15.1285 3.8196 15.1151C4.66739 15.1016 5.27295 15.8956 5.47481 16.2185C6.44371 17.8468 7.99126 17.3893 8.61028 17.1067C8.70448 16.4069 8.98708 15.9359 9.29659 15.6668C6.90125 15.3977 4.39825 14.4691 4.39825 10.3513C4.39825 9.18051 4.81541 8.21161 5.50172 7.45802C5.39407 7.18888 5.01727 6.08541 5.60938 4.60514C5.60938 4.60514 6.51099 4.32254 8.56991 5.70861C9.43116 5.46639 10.3462 5.34527 11.2613 5.34527C12.1764 5.34527 13.0914 5.46639 13.9527 5.70861C16.0116 4.30909 16.9132 4.60514 16.9132 4.60514C17.5053 6.08541 17.1285 7.18888 17.0209 7.45802C17.7072 8.21161 18.1244 9.16706 18.1244 10.3513C18.1244 14.4826 15.6079 15.3977 13.2126 15.6668C13.6028 16.0032 13.9392 16.6492 13.9392 17.6584C13.9392 19.0983 13.9258 20.2556 13.9258 20.619C13.9258 20.9016 14.1276 21.238 14.6659 21.1303C16.8031 20.4088 18.6602 19.0353 19.9758 17.2031C21.2915 15.3708 21.9994 13.1721 22 10.9165C22 4.96848 17.1824 0.150879 11.2344 0.150879Z" /> </svg> </a> </div> <div class="aside-content px-5 py-1 flex-1 overflow-auto"> <select id="redirectSelect.show-laptop" disabled class="select-dropdown p-1 mx-1 my-4 opacity-0 show-laptop border-gray-400"> <option selected value="" class="inline-block"></option> </select> <nav class="site-nav"><ul><li> <a class="nav-link" href="/spec/v1.0/"> Overview </a> </li><li> <span class="section-title">Understanding SLSA</span> <ul><li> <a class="nav-link" href="/spec/v1.0/whats-new"> What's new in v1.0 </a> </li><li> <a class="nav-link" href="/spec/v1.0/about"> About SLSA </a> </li><li> <a class="nav-link" href="/spec/v1.0/threats-overview"> Supply chain threats </a> </li><li> <a class="nav-link" href="/spec/v1.0/use-cases"> Use cases </a> </li><li> <a class="nav-link" href="/spec/v1.0/principles"> Guiding principles </a> </li><li> <a class="nav-link" href="/spec/v1.0/faq"> FAQ </a> </li><li> <a class="nav-link" href="/spec/v1.0/future-directions"> Future directions </a> </li> </ul> </li><li> <span class="section-title">Core specification</span> <ul><li> <a class="nav-link" href="/spec/v1.0/terminology"> Terminology </a> </li><li> <a class="nav-link" href="/spec/v1.0/levels"> Security levels </a> </li><li> <a class="nav-link" href="/spec/v1.0/requirements"> Producing artifacts </a> </li><li> <a class="nav-link" href="/spec/v1.0/distributing-provenance"> Distributing provenance </a> </li><li> <a class="nav-link" href="/spec/v1.0/verifying-artifacts"> Verifying artifacts </a> </li><li> <a class="nav-link" href="/spec/v1.0/verifying-systems"> Verifying build platforms </a> </li><li> <a class="nav-link" href="/spec/v1.0/threats"> Threats & mitigations </a> </li> </ul> </li><li> <span class="section-title">Attestation formats</span> <ul><li> <a class="nav-link" href="/attestation-model"> General model </a> </li><li> <a class="nav-link" href="/spec/v1.0/provenance"> Provenance </a> </li><li> <a class="nav-link" href="/spec/v1.0/verification_summary"> Verification Summary </a> </li> </ul> </li><li> <span class="section-title">How to SLSA</span> <ul><li> <a class="nav-link" href="/get-started"> For developers </a> </li><li> <a class="nav-link" href="/how-to-orgs"> For organizations </a> </li><li> <a class="nav-link" href="/how-to-infra"> For infrastructure providers </a> </li> </ul> </li><li> <a class="nav-link" href="/spec-stages"> Specification stages </a> </li><li> <a class="nav-link" href="/community"> Community </a> </li><li> <a class="nav-link" href="/blog"> Blog </a> </li><li> <a class="nav-link" href="/spec/v1.0/onepage"> Single-page view </a> </li> </ul> </nav> </div> </aside> <div class="site-main"> <header class="site-header flex-none" x-data="{ fixed: false, hidden: false, lastPos: window.scrollY, scrolledPast: false }" x-ref="navbar" x-on:scroll.window=" fixed = window.scrollY > lastPos ? window.scrollY >= $refs.navbar.offsetHeight : window.scrollY > 0; hidden = fixed && window.scrollY > lastPos; if (window.scrollY > $refs.navbar.offsetHeight && !scrolledPast) { setTimeout(() => $refs.navbar.classList.add('is-scrolled-past'), 500); scrolledPast = true; } else if (window.scrollY === 0) { $refs.navbar.classList.remove('is-scrolled-past'); scrolledPast = false; } lastPos = window.scrollY; " x-bind:class="{ 'is-fixed': fixed, 'is-hidden': hidden, 'menu-open': navOpen }" > <div class="site-header-inner h-full flex items-center gap-5" > <button x-on:click="navOpen = !navOpen" :class="{ 'active': navOpen }" class="mobile-menu-button inline-block hide-laptop"> <span></span> <span></span> <span></span> </button> <a rel="author" href="/" class="logo block"> <img class="logo-white" src="/images/logo.svg" alt="SLSA logo" /> </a> <select id="redirectSelect.hide-laptop" disabled class="select-dropdown p-1 mx-1 my-4 opacity-0 hide-laptop border-gray-400"> <option selected value="" class="inline-block"></option> </select> <a class="desktop-github-icon ml-auto" href="https://github.com/slsa-framework/slsa" target="_blank"> <svg width="22" height="22" viewBox="0 0 22 22" fill="currentColor" xmlns="http://www.w3.org/2000/svg"> <path fill-rule="evenodd" clip-rule="evenodd" d="M11.2344 0.150879C5.28641 0.150879 0.468811 4.96848 0.468811 10.9165C0.468811 15.6803 3.55046 19.7039 7.82978 21.1303C8.36806 21.2245 8.56991 20.9016 8.56991 20.619C8.56991 20.3633 8.55646 19.5155 8.55646 18.6139C5.8516 19.1118 5.15184 17.9545 4.93653 17.3489C4.81541 17.0394 4.29059 16.084 3.83306 15.8283C3.45626 15.6264 2.91798 15.1285 3.8196 15.1151C4.66739 15.1016 5.27295 15.8956 5.47481 16.2185C6.44371 17.8468 7.99126 17.3893 8.61028 17.1067C8.70448 16.4069 8.98708 15.9359 9.29659 15.6668C6.90125 15.3977 4.39825 14.4691 4.39825 10.3513C4.39825 9.18051 4.81541 8.21161 5.50172 7.45802C5.39407 7.18888 5.01727 6.08541 5.60938 4.60514C5.60938 4.60514 6.51099 4.32254 8.56991 5.70861C9.43116 5.46639 10.3462 5.34527 11.2613 5.34527C12.1764 5.34527 13.0914 5.46639 13.9527 5.70861C16.0116 4.30909 16.9132 4.60514 16.9132 4.60514C17.5053 6.08541 17.1285 7.18888 17.0209 7.45802C17.7072 8.21161 18.1244 9.16706 18.1244 10.3513C18.1244 14.4826 15.6079 15.3977 13.2126 15.6668C13.6028 16.0032 13.9392 16.6492 13.9392 17.6584C13.9392 19.0983 13.9258 20.2556 13.9258 20.619C13.9258 20.9016 14.1276 21.238 14.6659 21.1303C16.8031 20.4088 18.6602 19.0353 19.9758 17.2031C21.2915 15.3708 21.9994 13.1721 22 10.9165C22 4.96848 17.1824 0.150879 11.2344 0.150879Z" /> </svg> </a> </div> </header> <main class="site-clamp site-content" aria-label="Content"> <div class="content"> <!-- Hero --> <section class="hero home flex justify-center items-center relative"> <video class="absolute object-cover h-full w-full z-0" autoplay muted loop> <source src="images/v1.mp4" type="video/mp4"> Your browser does not support the video tag. </video> <div class="wrapper inner text-green z-20"> <h1 class="md:pr-32">Safeguarding artifact integrity across any software supply chain</h1> </div> </section> <section class="section intro bg-light-green flex justify-center items-center pt-32 pb-16"> <div class="wrapper inner w-full"> <div class="flex flex-wrap justify-between items-center"> <div class="text w-full md:w-1/2"> <h2 class="h2 mb-8">What is SLSA?</h2> <p><strong>Supply-chain Levels for Software Artifacts, or SLSA ("salsa").</strong></p> <p>It’s a security framework, a checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure. It’s how you get from "safe enough" to being as resilient as possible, at any link in the chain.</p> </div> <div class="w-full md:w-1/3 md:mt-0 mt-8"> <img src="images/logo-mono.svg" alt="SLSA logo mark mono version"> </div> </div> </div> </section> <section class="section bg-white flex flex-col justify-center items-center"> <div class="wrapper inner w-full"> <div class="flex flex-wrap justify-between items-start"> <div class="text w-full md:w-1/3"> <h3 class="h2 p-0">The supply chain problem</h3> </div> <div class="w-full md:w-1/2 md:mt-0 mt-8"> <p>Any software can introduce vulnerabilities into a supply chain. As a system gets more complex, it’s critical to already have checks and best practices in place to guarantee artifact integrity, that the source code you’re relying on is the code you’re actually using. Without solid foundations and a plan for the system as it grows, it’s difficult to focus your efforts against tomorrow’s next hack, breach or compromise.</p> <a href="spec/v1.0/threats-overview" class="cta-link h5 font-semibold mt-8">More about supply chain attacks</a> </div> </div> <img class="mt-16 mx-auto w-full md:w-3/4" src="images/SupplyChainDiagram.svg" alt="the supply chain problem image"> </div> </section> <section class="section bg-pastel-green flex flex-col justify-center items-center"> <div class="wrapper inner w-full"> <div class="flex flex-wrap justify-between items-center"> <div class="text w-full md:w-1/2"> <h4 class="h2 mb-8">Levels of assurance</h4> <p>SLSA levels are like a common language to talk about how secure software, supply chains and their component parts really are. From source to platform, the levels blend together industry-recognized best practices to create four compliance levels of increasing assurance. These look at the builds, sources and dependencies in open source or commercial software. Starting with easy, basic steps at the lower levels to build up and protect against advanced threats later, bringing SLSA into your work means prioritized, practical measures to prevent unauthorized modifications to software, and a plan to harden that security over time.</p> <a href="spec/v1.0/levels" class="cta-link h5 font-semibold mt-8">Read the level specifications</a> </div> <div class="w-full md:w-2/4 md:mt-0 mt-8 pl-12"> <img class="w-3/4 mx-auto" src="images/badge-exploded.svg" alt="SLSA levels badge"> </div> </div> </section> <section class="section bg-white flex flex-col justify-center items-center"> <div class="wrapper inner w-full"> <div class="flex flex-wrap justify-between items-start"> <div class="text w-full md:w-1/3"> <h4 class="h2 p-0">Who is SLSA for?</h4> </div> <div class="w-full md:w-1/2 md:mt-0 mt-8"> <p>SLSA is for everyone involved in producing, consuming, and providing infrastructure for software such as build platforms and package ecosystems. SLSA can help create more trust across the entire supply chain. It can be used by producers for protection against tampering and insider threats, by consumers to verify the software they rely on is secure, and by infrastructure providers as a guideline for hardening build platforms and processes.<p> </div> </div> </div> </section> <section class="section bg-pastel-green flex flex-col justify-center items-center"> <div class="wrapper inner w-full"> <div class="flex flex-col justify-center items-center mb-16 text-center md:w-2/3 relative mx-auto"> <p class="h2 mb-10">An industry collaboration</p> <p>SLSA is led by an initial cross-organization, vendor-neutral steering group committed to improving the security ecosystem for everyone.</p> </div> <div class="flex flex-wrap justify-center items-center text-center w-full relative mx-auto mb-16"><div class="w-full md:w-1/4 mb-12"> <img class="mx-auto w-5/12 md:8/12 h-auto" src="/images/logos/chainguard.png" alt="image" /> </div><div class="w-full md:w-1/4 mb-12"> <img class="mx-auto w-5/12 md:8/12 h-auto" src="/images/logos/citi.png" alt="image" /> </div><div class="w-full md:w-1/4 mb-12"> <img class="mx-auto w-5/12 md:8/12 h-auto" src="/images/logos/cncf.png" alt="image" /> </div><div class="w-full md:w-1/4 mb-12"> <img class="mx-auto w-5/12 md:8/12 h-auto" src="/images/logos/datadog.png" alt="image" /> </div><div class="w-full md:w-1/4 mb-12"> <img class="mx-auto w-5/12 md:8/12 h-auto" src="/images/logos/google.png" alt="image" /> </div><div class="w-full md:w-1/4 mb-12"> <img class="mx-auto w-5/12 md:8/12 h-auto" src="/images/logos/intel.png" alt="image" /> </div><div class="w-full md:w-1/4 mb-12"> <img class="mx-auto w-5/12 md:8/12 h-auto" src="/images/logos/kusari.png" alt="image" /> </div><div class="w-full md:w-1/4 mb-12"> <img class="mx-auto w-5/12 md:8/12 h-auto" src="/images/logos/linux-foundation.png" alt="image" /> </div><div class="w-full md:w-1/4 mb-12"> <img class="mx-auto w-5/12 md:8/12 h-auto" src="/images/logos/verizon.png" alt="image" /> </div></div> </div> <div class="wrapper inner w-full"> <div class="flex flex-col justify-center items-center text-center md:w-2/3 relative mx-auto"> <p class="h2 mb-10">Part of the Open Source Security Foundation</p> </div> <div class="flex flex-wrap justify-center items-center text-center w-full relative mx-auto"> <div class="w-6/12 mx-auto"> <img class="w-full mx-auto" src="images/openssf.svg" alt="OpenSSF logo" /> </div> </div> </div> </section> <section x-data="{swiper: null}" x-init="swiper = new Swiper($refs.container, { loop: true, slidesPerView: 1, spaceBetween: 0, dots: true, breakpoints: { 640: { slidesPerView: 1, spaceBetween: 0, }, 768: { slidesPerView: 1, spaceBetween: 0, }, 1024: { slidesPerView: 1, spaceBetween: 0, }, }, })" class="section bg-white flex flex-col justify-center items-center"> <div class="wrapper inner w-full"> <div class="flex flex-col justify-center items-center mb-16 text-center md:w-2/3 relative mx-auto"> <p class="h2 mb-10">Our ethos</p> <p>Today’s projects, products and services are increasingly complex and open to attack. As that trend continues, we need to scale up our effort to provide more secure, accessible ways to protect the development, distribution and consumption of the software we use, and all the impacted communities behind it.</p> </div> <div class="w-full md:w-2/3 relative mx-auto"> <div class="absolute inset-y-0 left-0 z-10 flex items-center"> <button @click="swiper.slidePrev()" class="-ml-2 lg:-ml-12 flex justify-center items-center w-10 h-10 focus:outline-none"> <svg width="16" height="17" viewBox="0 0 16 17" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M15.2033 16.6509C16.2656 11.3624 16.2656 5.93933 15.2033 0.650878C9.66355 2.45134 4.4952 5.16732 3.49691e-07 8.65088C4.4952 12.1344 9.66355 14.8504 15.2033 16.6509Z" fill="#155757"/></svg> </button> </div> <div class="swiper-container" x-ref="container"> <div class="swiper-wrapper"> <!-- Slides --><div class="swiper-slide p-4 bg-light-green rounded-lg"> <article class="p-6 flex flex-col items-start justify-between h-auto md:h-64"> <div class="w-full mb-8"> <p class="font-bold h3"> “This is our chance to work with the industry, set a standard which we can all agree to, and work together to raise the collective bar.” </p> </div> <div class="flex flex-wrap items-center justify-between w-full mt-auto"> <div class="w-full md:w-3/4 pr-6 mb-6 md:mb-0"> <p class="font-semibold h4 mb-0.5">Trishank Karthik Kuppusamy</p> <p class="font-regular">Staff Security Engineer at Datadog</p> </div> <div class="w-full md:w-1/4 flex justify-end"> <div class="bg-white p-2 rounded-xl h-16 w-16 flex items-center"> <img class="w-auto mx-auto" src="/images/datadog.png" alt"Testimonial Logo" /> </div> </div> </div> </article> </div><div class="swiper-slide p-4 bg-light-green rounded-lg"> <article class="p-6 flex flex-col items-start justify-between h-auto md:h-64"> <div class="w-full mb-8"> <p class="font-bold h3"> “Software supply chain visibility will become a cross-industry need to establish best practices and trusted evidence in each link.” </p> </div> <div class="flex flex-wrap items-center justify-between w-full mt-auto"> <div class="w-full md:w-3/4 pr-6 mb-6 md:mb-0"> <p class="font-semibold h4 mb-0.5">Bruno Domingues</p> <p class="font-regular">CTO, Financial Services Industry, Intel</p> </div> <div class="w-full md:w-1/4 flex justify-end"> <div class="bg-white p-2 rounded-xl h-16 w-16 flex items-center"> <img class="w-auto mx-auto" src="/images/intel-logo.png" alt"Testimonial Logo" /> </div> </div> </div> </article> </div><div class="swiper-slide p-4 bg-light-green rounded-lg"> <article class="p-6 flex flex-col items-start justify-between h-auto md:h-64"> <div class="w-full mb-8"> <p class="font-bold h3"> “Having a common language and standard for objectively measuring our supply chain security is a must in order to even begin meeting EO 14028.” </p> </div> <div class="flex flex-wrap items-center justify-between w-full mt-auto"> <div class="w-full md:w-3/4 pr-6 mb-6 md:mb-0"> <p class="font-semibold h4 mb-0.5">Trishank Karthik Kuppusamy</p> <p class="font-regular">Staff Security Engineer at Datadog</p> </div> <div class="w-full md:w-1/4 flex justify-end"> <div class="bg-white p-2 rounded-xl h-16 w-16 flex items-center"> <img class="w-auto mx-auto" src="/images/datadog.png" alt"Testimonial Logo" /> </div> </div> </div> </article> </div><div class="swiper-slide p-4 bg-light-green rounded-lg"> <article class="p-6 flex flex-col items-start justify-between h-auto md:h-64"> <div class="w-full mb-8"> <p class="font-bold h3"> “The threat to the software supply chain is real and growing, 650% from the last year. However, changing development process without slowing down is a major barrier.” </p> </div> <div class="flex flex-wrap items-center justify-between w-full mt-auto"> <div class="w-full md:w-3/4 pr-6 mb-6 md:mb-0"> <p class="font-semibold h4 mb-0.5">Bruno Domingues</p> <p class="font-regular">CTO, Financial Services Industry, Intel</p> </div> <div class="w-full md:w-1/4 flex justify-end"> <div class="bg-white p-2 rounded-xl h-16 w-16 flex items-center"> <img class="w-auto mx-auto" src="/images/intel-logo.png" alt"Testimonial Logo" /> </div> </div> </div> </article> </div><div class="swiper-slide p-4 bg-light-green rounded-lg"> <article class="p-6 flex flex-col items-start justify-between h-auto md:h-64"> <div class="w-full mb-8"> <p class="font-bold h3"> “Regulated industries such as Financial Services are being more vocal on defining their responsibility on the software supply chain. Having control and traceability as a requirement is taking shape.” </p> </div> <div class="flex flex-wrap items-center justify-between w-full mt-auto"> <div class="w-full md:w-3/4 pr-6 mb-6 md:mb-0"> <p class="font-semibold h4 mb-0.5">Bruno Domingues</p> <p class="font-regular">CTO, Financial Services Industry, Intel</p> </div> <div class="w-full md:w-1/4 flex justify-end"> <div class="bg-white p-2 rounded-xl h-16 w-16 flex items-center"> <img class="w-auto mx-auto" src="/images/intel-logo.png" alt"Testimonial Logo" /> </div> </div> </div> </article> </div></div> </div> <div class="absolute inset-y-0 right-0 z-10 flex items-center"> <button @click="swiper.slideNext()" class="-mr-2 lg:-mr-12 flex justify-center items-center w-10 h-10 focus:outline-none"> <svg width="16" height="17" viewBox="0 0 16 17" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M0.796665 16.6509C-0.265559 11.3624 -0.26556 5.93933 0.796663 0.650878C6.33645 2.45134 11.5048 5.16732 16 8.65088C11.5048 12.1344 6.33645 14.8504 0.796665 16.6509Z" fill="#155757"/></svg> </button> </div> </div> </div> </section> <section class="section bg-light-green flex justify-center items-center"> <div class="wrapper inner w-full"> <div class="flex flex-col justify-center items-center text-center md:mb-16 md:w-2/3 relative mx-auto"> <p class="h2 mb-8">Get started</p> </div> <div class="flex flex-wrap justify-center w-6/7 mx-auto md:-ml-4"> <div class="w-full md:w-1/2 getting_started_card md:pl-4 mb-8 md:mb-0"> <a href="get-started" class="hover:no-underline"> <div class="bg-white h-full rounded-lg p-10 flex flex-col"> <p class="h3 font-semibold mb-8 md:mb-6">Start using SLSA</p> <p>Ready to put your project through its paces? The first on-ramp to SLSA is generating provenance. We’ve put together a walkthrough with the steps you’ll need to take and available tools you can use.</p> <p class="cta-link h5 font-semibold mt-auto pt-8 md:pt-0">Get started</p> </div> </a> </div> <div class="w-full md:w-1/2 getting_started_card md:pl-4"> <a href="spec/v1.0/" class="hover:no-underline"> <div class="bg-white h-full rounded-lg p-10 flex flex-col"> <p class="h3 font-semibold mb-8 md:mb-6">Review the specifications</p> <p>Want to learn about how it fits your organization’s security? Here’s the documentation behind the framework, with use cases, specific threats (and their prevention), provenance and fully detailed requirements.</p> <p class="cta-link h5 font-semibold mt-auto pt-8 md:pt-0">Learn more</p> </div> </a> </div> </div> </div> </section> <section class="section bg-green-dark flex justify-center items-center"> <div class="wrapper inner w-full"> <div class="flex flex-wrap justify-between items-start text-white"> <div class="text w-full md:w-1/3"> <p class="h2 p-0">Project status</p> </div> <div class="w-full md:w-1/2"> <div class="rounded-lg text-green p-5 border border-green-400 inline-block mt-8 md:mt-0 mb-8 h4 font-semibold">SLSA v1.0 is available now!</div> <p> <a href="spec/v1.0/">SLSA v1.0</a> is now available, released in April 2023. We expect the specification to remain stable, with future versions expanding its breadth and depth. For more information about this release, see <a href="/spec/v1.0/whats-new">What's new in v1.0</a>. <br><br> Google has been using an internal version of SLSA since 2013 and requires it for all of their production workloads.</p> </div> </div> </div> </section> </div> </main><footer class="site-footer flex-none h-card text-white"> <div class="site-clamp py-4 flex flex-wrap items-start justify-between w-full"> <div class="w-full md:w-1/3 mb-8 md:mb-0"> <p><strong>SLSA is a cross-industry collaboration.</strong><br> © 2024 The Linux Foundation, under the terms of the <a href="https://github.com/slsa-framework/governance">Community Specification License 1.0</a></p> </div> <div class="w-full md:w-1/3 mb-8 md:mb-0"> <p><strong>Privacy statement</strong><br> We use <a href="https://goatcounter.com">GoatCounter</a> to help us improve our website by collecting and reporting information on how it's used. We do not store advertising or tracking cookies. The information we collect does not identify anyone and does not track an individual's use of the site.</p> </div> <div class="w-full md:w-1/4 mb-8 md:mb-0 flex md:justify-end"> <p> <a href="https://github.com/slsa-framework/slsa/blob/089d120f336c9acf4d16af1fd889a26b0d7c372a/docs/index.md?plain=1" target="_blank" class="flex gap-4 h5 font-normal"> View source on GitHub <svg width="22" height="22" viewBox="0 0 22 22" fill="none" xmlns="http://www.w3.org/2000/svg"> <path fill-rule="evenodd" clip-rule="evenodd" d="M11.2344 0.150879C5.28641 0.150879 0.468811 4.96848 0.468811 10.9165C0.468811 15.6803 3.55046 19.7039 7.82978 21.1303C8.36806 21.2245 8.56991 20.9016 8.56991 20.619C8.56991 20.3633 8.55646 19.5155 8.55646 18.6139C5.8516 19.1118 5.15184 17.9545 4.93653 17.3489C4.81541 17.0394 4.29059 16.084 3.83306 15.8283C3.45626 15.6264 2.91798 15.1285 3.8196 15.1151C4.66739 15.1016 5.27295 15.8956 5.47481 16.2185C6.44371 17.8468 7.99126 17.3893 8.61028 17.1067C8.70448 16.4069 8.98708 15.9359 9.29659 15.6668C6.90125 15.3977 4.39825 14.4691 4.39825 10.3513C4.39825 9.18051 4.81541 8.21161 5.50172 7.45802C5.39407 7.18888 5.01727 6.08541 5.60938 4.60514C5.60938 4.60514 6.51099 4.32254 8.56991 5.70861C9.43116 5.46639 10.3462 5.34527 11.2613 5.34527C12.1764 5.34527 13.0914 5.46639 13.9527 5.70861C16.0116 4.30909 16.9132 4.60514 16.9132 4.60514C17.5053 6.08541 17.1285 7.18888 17.0209 7.45802C17.7072 8.21161 18.1244 9.16706 18.1244 10.3513C18.1244 14.4826 15.6079 15.3977 13.2126 15.6668C13.6028 16.0032 13.9392 16.6492 13.9392 17.6584C13.9392 19.0983 13.9258 20.2556 13.9258 20.619C13.9258 20.9016 14.1276 21.238 14.6659 21.1303C16.8031 20.4088 18.6602 19.0353 19.9758 17.2031C21.2915 15.3708 21.9994 13.1721 22 10.9165C22 4.96848 17.1824 0.150879 11.2344 0.150879Z" fill="white"/> </svg> </a> <br> This site is powered by <a href="https://www.netlify.com">Netlify</a> </p> </div> </div> <div class="site-clamp py-4 flex items-start justify-between w-full mb-16 md:mb-0"> <a rel="author" href="/"><img src="/images/logo.svg" alt="SLSA logo" /></a> </div> </footer> </div> </body> </html>