SLSA - Supply-chain Levels For Software Artifacts

SLSA (pronounced "salsa") is a security framework from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain integrity.

The best way to read about SLSA is to visit

What's in this repo?

The primary content of this repo is the docs/ directory, which contains the core SLSA specification and sources to the website.

You can read SLSA's documentation here:

Project status

SLSA is currently in alpha. The framework is constantly being improved. We encourage the community to try adopting SLSA levels incrementally and to share their experiences with us.


Get involved

We rely on feedback from other organisations to evolve SLSA and make it more useful to more people. We’d love to hear your experiences using it.

Are the levels achievable in your project? Would you add or remove anything from the framework? What else is needed before you can adopt it?

Joining the working group
