This page covers the detailed technical requirements for producing artifacts at each SLSA level. The intended audience is system implementers and security engineers.
For an informative description of the levels intended for all audiences, see Levels. For background, see Terminology. To better understand the reasoning behind the requirements, see Threats and mitigations.
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.
In order to produce artifacts with a specific build level, responsibility is split between the Producer and Build system. The build system MUST strengthen the security controls in order to achieve a specific level while the producer MUST choose and adopt a build system capable of achieving a desired build level, implementing any controls as specified by the chosen system.
|Producer||Choose an appropriate build system||✓||✓||✓|
|Follow a consistent build process||✓||✓||✓|
|Build system||Provenance generation||Exists||✓||✓||✓|
|Isolation strength||Build service||✓||✓|
|Ephemeral and isolated||✓|
Security Best Practices
While the exact definition of what constitutes a secure system is beyond the scope of this specification, all implementations MUST use industry security best practices to be conformant to this specification. This includes, but is not limited to, using proper access controls, securing communications, implementing proper management of cryptographic secrets, doing frequent updates, and promptly fixing known vulnerabilities.
Various relevant standards and guides can be consulted for that matter such as the CIS Critical Security Controls.
A package’s producer is the organization that owns and releases the software. It might be an open-source project, a company, a team within a company, or even an individual.
NOTE: There were more requirements for producers in the initial draft version (v0.1) which impacted how a package can be built. These were removed in the v1.0 specification and will be reassessed and re-added as indicated in the future directions.
Choose an appropriate build system
The producer MUST select a build system that is capable of reaching their desired SLSA Build Level.
For example, if a producer wishes to produce a Build Level 3 artifact, they MUST choose a builder capable of producing Build Level 3 provenance.
Follow a consistent build process
The producer MUST build their artifact in a consistent manner such that verifiers can form expectations about the build process. In some implemenatations, the producer MAY provide explicit metadata to a verifier about their build process. In others, the verifier will form their expectations implicitly (e.g. trust on first use).
For example, if a producer wishes to distribute their artifact through a package ecosystem that requires explicit metadata about the build process in the form of a config file. That metadata includes the artifact’s source repository and build parameters that stay constant between builds. The producer MUST complete that config file and keep it up to date.
The producer MUST distribute provenance to artifact consumers. The producer MAY delegate this responsibility to the package ecosystem, provided that the package ecosystem is capable of distributing provenance.
A package’s build system is the infrastructure used to transform the software from source to package. This includes the transitive closure of all hardware, software, persons, and organizations that can influence the build. A build system is often a hosted, multi-tenant build service, but it could be a system of multiple independent rebuilders, a special-purpose build system used by a single software project, or even a developer’s workstation. Ideally, one build system is used by many different software packages so that consumers can minimize the number of trusted systems. For more background, see Build Model.
The build system is responsible for providing two things: provenance generation and isolation between builds. The Build level describes the degree to which each of these properties is met.
The build system is responsible for generating provenance describing how the package was produced.
The SLSA Build level describes the minimum bound for:
- Completeness: What information is contained in the provenance?
- Authenticity: How strongly can the provenance be tied back to the builder?
- Accuracy: How resistant is the provenance generation to tampering within the build process?
The build process MUST generate provenance that unambiguously identifies the output package and describes how that package was produced.
The format MUST be acceptable to the package ecosystem and/or consumer. It is RECOMMENDED to use the SLSA Provenance format and associated suite because it is designed to be interoperable, universal, and unambiguous when used for SLSA. See that format’s documentation for requirements and implementation guidelines. If using an alternate format, it MUST contain the equivalent information as SLSA Provenance at each level and SHOULD be bi-directionally translatable to SLSA Provenance.
|Provenance is Authentic||
Authenticity: Consumers MUST be able to validate the authenticity of the provenance attestation in order to:
This SHOULD be through a digital signature from a private key accessible only to the service that generated the provenance attestation.
This allows the consumer to trust the contents of the provenance attestation, such as the identity of the build system.
Accuracy: The provenance MUST be generated by the build system (i.e. within the trust boundary identified in the provenance) and not by a tenant of the build system (i.e. outside the trust boundary).
Completeness: SHOULD be complete.
|Provenance is Non-forgeable||
Accuracy: Provenance MUST be strongly resistant to influence by tenants.
Completeness: SHOULD be complete.
Note: This requirement was called “non-falsifiable” in the initial draft version (v0.1).
The build system is responsible for isolating between builds, even within the same tenant project. In other words, how strong of a guarantee do we have that the build really executed correctly, without external influence?
The SLSA Build level describes the minimum bar for isolation strength. For more information on assessing a build system’s isolation strength, see Verifying build systems.
All build steps ran using some build service, not on a maintainer’s workstation.
Examples: GitHub Actions, Google Cloud Build, Travis CI.
|Ephemeral and isolated||
The build service ensured that the build steps ran in an ephemeral and isolated environment provisioned solely for this build, free of influence from other build instances, whether prior or concurrent.
Note: This requirement was split into “Isolated” and “Ephemeral Environment” in the initial draft version (v0.1).