Developer Experience and Pl January 27, 2026 9 min read

SLSA framework for supply chain integrity levels guide

Developer Experience and Pl Enterprise Guide 2026 SCALE D2C D2C Technology Developer Experience and Pl Enterprise Guide 2026 SCALE D2C D2C Technology

SLSA (Supply-chain Levels for Software Artifacts) is a security framework developed by Google and the OpenSSF that provides a graduated set of requirements for securing software supply chains — from basic build practices to fully hermetic, verifiable builds. In 2026, SLSA is becoming a procurement requirement for enterprise software vendors and a baseline expectation for cloud-native deployments.

What Is SLSA and Why Does It Exist?

The SolarWinds attack (2020), the Codecov bash uploader compromise (2021), and the XZ Utils backdoor (2024) demonstrated that sophisticated attackers target the software supply chain — the build systems, dependencies, and distribution channels through which software reaches production — rather than attacking production systems directly. SLSA was created to provide a common vocabulary and set of requirements that make software supply chain attacks progressively more difficult across four levels of assurance.

Definition

SLSA (Supply-chain Levels for Software Artifacts) is a graduated security framework that defines four levels of supply chain integrity requirements — from basic provenance documentation to fully reproducible, hermetically sealed builds — enabling organisations to assess and communicate the security posture of their software build and release processes.

62%

Of enterprises experienced a software supply chain attack in 2024 (Gartner)

SLSA L2

Minimum level now required by US CISA for federal software suppliers

SLSA levels, each progressively hardening the build process

SLSA Levels Explained

Level	Name	Key Requirements	Protects Against
SLSA L1	Provenance exists	Provenance document generated describing how the artifact was built	Accidental or undetected tampering; enables basic audit trail
SLSA L2	Hosted source & build	Build uses hosted build service; provenance is signed by build service	Compromised developer workstations; basic build tampering
SLSA L3	Hardened build	Build service is hardened against tampering; provenance non-falsifiable by build service admin	Compromised build platform; insider threats in CI/CD
SLSA L4	Reproducible build	Builds are hermetic and reproducible; two-party review of all changes	Sophisticated supply chain attacks; backdoor insertion

Understanding Build Provenance

Provenance is the signed, verifiable record of how a software artifact was produced: which source code revision was used, which build system built it, which dependencies were included, and when the build occurred. SLSA uses the in-toto Attestation Framework for provenance documents, which produces a signed JSON-LD document attesting to the build inputs and outputs.

// Example SLSA provenance document (simplified)
{
  "_type": "https://in-toto.io/Statement/v0.1",
  "subject": [{
    "name": "my-service-v1.2.3.tar.gz",
    "digest": { "sha256": "abc123..." }
  }],
  "predicateType": "https://slsa.dev/provenance/v0.2",
  "predicate": {
    "builder": { "id": "https://github.com/actions/runner" },
    "buildType": "https://github.com/slsa-framework/slsa-github-generator/...",
    "invocation": {
      "configSource": {
        "uri": "git+https://github.com/myorg/myrepo@refs/heads/main",
        "digest": { "sha1": "abc456..." },
        "entryPoint": ".github/workflows/release.yml"
      }
    },
    "metadata": {
      "buildStartedOn": "2026-03-15T14:23:00Z",
      "completeness": { "parameters": true, "environment": true, "materials": true }
    }
  }
}

Implementing SLSA with GitHub Actions

The SLSA GitHub Generator project provides reusable GitHub Actions workflows that produce SLSA L3 provenance for common artifact types (Go binaries, containers, generic artifacts) without requiring teams to implement the provenance generation themselves.

# .github/workflows/release.yml — SLSA L3 for a Go binary
jobs:
  build:
    outputs:
      binary-name: ${{ steps.build.outputs.binary-name }}
      hashes: ${{ steps.hash.outputs.hashes }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build binary
        id: build
        run: |
          go build -o myservice ./cmd/myservice
          echo "binary-name=myservice" >> $GITHUB_OUTPUT
      - name: Generate hashes
        id: hash
        run: |
          set -euo pipefail
          echo "hashes=$(sha256sum myservice | base64 -w0)" >> $GITHUB_OUTPUT

  provenance:
    needs: [build]
    permissions:
      actions: read
      id-token: write
      contents: write
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
      base64-subjects: "${{ needs.build.outputs.hashes }}"

SLSA and SBOMs: Complementary Approaches

SLSA Provenance

Answers: How was this artifact built?
Build process integrity and chain of custody
Cryptographically signed by the build system
Protects against build tampering and supply chain attacks
Generated by: SLSA GitHub Generator, Tekton Chains, GUAC

SBOM (Software Bill of Materials)

Answers: What is in this artifact?
Complete inventory of software components and dependencies
Enables vulnerability scanning against CVE databases
Protects against known-vulnerable component inclusion
Generated by: Syft, Trivy, SPDX tools, CycloneDX

SLSA provenance and SBOMs are complementary — provenance proves the artifact was built correctly from known sources; SBOMs document what those sources contain. US Executive Order 14028 (Improving the Nation's Cybersecurity) requires both from software vendors supplying to the US federal government.

SLSA Implementation Roadmap

Assess Current State (Target: SLSA L1)

Audit current build processes to understand: where builds happen (developer laptops vs CI/CD), whether build steps are scripted or manual, whether artifacts are versioned and immutable, and whether any provenance documentation exists. Most teams start at SLSA L0 (no provenance).

Migrate All Builds to CI/CD (Target: SLSA L2)

Eliminate developer laptop builds for release artifacts. All production builds must run on a hosted CI/CD service (GitHub Actions, GitLab CI, Google Cloud Build). Implement signed provenance generation using SLSA GitHub Generator or equivalent. This is the minimum bar for most enterprise and government procurement requirements.

Harden Build Platforms (Target: SLSA L3)

Implement build platform hardening: ephemeral build environments (no persistent state between builds), isolated network access for builds, parameterised build configurations that prevent injection, and non-falsifiable provenance signed by the build platform's identity (not by the workflow). Use Sigstore/Cosign for container image signing.

Implement Provenance Verification in Deployment

Configure admission controllers in Kubernetes (OPA Gatekeeper, Kyverno) to verify SLSA provenance attestations before deploying container images. Reject images without valid SLSA provenance meeting your minimum level. Integrate provenance verification into your artifact registry (Sigstore policy controller, AWS Signer).

Expert Q&A

Frequently Asked Questions

SLSA (Supply-chain Levels for Software Artifacts, pronounced "salsa") is a security framework that provides a graduated set of requirements for securing the software build and release process. It solves the problem of software supply chain attacks — where attackers compromise build systems, CI/CD pipelines, or dependencies to insert malicious code into software without compromising the source code repository. SLSA defines four levels of increasingly rigorous requirements, from basic provenance documentation (L1) to fully hermetic, reproducible builds with two-party review (L4), giving organisations a concrete roadmap for hardening their software supply chains.

Build provenance is a cryptographically signed document that records how a software artifact was produced: which source code commit was used, which build system ran the build, which dependencies were included, and the timestamp of the build. It creates an auditable, tamper-evident chain of custody from source code to deployable artifact. Provenance is important because it allows you to verify that a binary was produced from the specific source code you expect, by the build system you trust, without any undocumented modifications — making supply chain attacks detectable. SLSA uses the in-toto Attestation Framework for provenance documents, which are signed using Sigstore's ephemeral signing infrastructure.

SLSA L2 is the practical minimum for organisations that supply software to enterprise or government customers, as it is now referenced in US federal procurement guidance (CISA) and several enterprise vendor security assessments. SLSA L2 requires that all production builds run on a hosted CI/CD service (not developer laptops) and that signed provenance is generated and available for consumers to verify. SLSA L3 is appropriate for high-value software (security tools, infrastructure software, anything handling sensitive data) and is increasingly required by major cloud providers and regulated industries. SLSA L4 (reproducible builds) is appropriate for the most critical infrastructure software and is currently achieved by only a small number of projects.

Sigstore is the cryptographic signing infrastructure that SLSA uses to sign provenance documents and software artifacts. Sigstore provides: Cosign for signing and verifying container images and other artifacts; Fulcio, a certificate authority that issues short-lived signing certificates tied to OIDC identities (GitHub Actions identities, Google service accounts); and Rekor, a transparency log that records all signatures for public audit. SLSA defines what should be signed (provenance documents with specific required fields) and the trust model; Sigstore provides the signing infrastructure that makes it possible to sign artifacts with verified CI/CD system identities without managing long-lived signing keys — a significant operational simplification.

SLSA provenance answers the question "how was this artifact built?" — documenting the build process, build system, and chain of custody. An SBOM (Software Bill of Materials) answers "what is in this artifact?" — providing a complete inventory of all software components, dependencies, and their versions. They are complementary: SLSA provenance proves the artifact was built without tampering from known sources; an SBOM documents what those sources contain so consumers can scan for known vulnerabilities. US Executive Order 14028 and CISA guidance require both from software vendors supplying to the federal government. The combination provides both process integrity (SLSA) and component visibility (SBOM).

SLSA provenance verification at deployment is typically implemented at the container registry or Kubernetes admission controller layer. For container images, Sigstore's policy-controller (a Kubernetes admission controller) can be configured to verify that all images have valid SLSA provenance attestations meeting a specified level before admission. The slsa-verifier CLI tool can verify provenance documents for binaries and other artifacts. For registry-level enforcement, AWS ECR supports Sigstore signatures through AWS Signer, and GitHub's container registry (GHCR) supports provenance attestations natively. The verification checks that the provenance signature is valid, that the signing identity matches the expected build system, and that the provenance fields meet SLSA level requirements.

A hermetic build is a build that is fully isolated from the external environment — all dependencies are pre-declared and resolved before the build starts, no network access is permitted during the build, and the same inputs always produce bit-for-bit identical outputs (reproducibility). Hermetic builds make supply chain attacks extremely difficult because there is no opportunity to inject malicious dependencies or modify the build environment during execution. SLSA L4 is difficult because achieving true reproducibility requires eliminating all sources of non-determinism in the build: timestamps embedded in binaries, random ordering in archives, compiler version variation, and operating system state. Most build systems have non-deterministic elements that must be explicitly addressed, and the toolchain ecosystem (compiler, linker, archive tools) must all support reproducible output modes.

No — SLSA is equally relevant and increasingly required for commercial software. The framework originated in the open-source ecosystem (driven by Google and the OpenSSF) but has been adopted as a supply chain security standard for all software. US government procurement guidance now references SLSA levels for commercial software vendors. Enterprise customers in financial services, healthcare, and critical infrastructure are including SLSA level requirements in vendor security questionnaires and contracts. For SaaS and internal enterprise software, SLSA provides the same value: protecting against CI/CD compromise, insider threats in the build process, and build environment tampering that can introduce vulnerabilities or backdoors into production deployments.

SLSA FRAME

Developer Experience and Pl

Ready to Implement SLSA framework for supply chain integrity levels g...?

Our specialist team delivers measurable ROI from Developer Experience and Pl programmes for enterprise and D2C brands.

Book a Free Advisory Call Explore All Services