Community

There’s an active community of members, contributors and collaborators behind the SLSA framework. We’re drawn together by the shared goals of improving software supply chain security and codifying best practices for development, deployment and governance, all collaborating on an objective framework that works for open source projects and organizations, influences policy and regulations, empowers engineers and builds for the future.

ON THIS PAGE

Get involved
Project status
Media
Steering committee
Contributors

Get involved

We rely on feedback from other organizations to evolve SLSA and be more useful to more people. We’d love to hear your experiences using it, and welcome all contributions, challenges and collaboration.

Join the working group

We’re part of the OpenSSF Digital Identity Attestation Working Group. The community meets bi-weekly on Wednesdays at 9am PT. Anyone is welcome to join, whether to listen or to contribute.

Our bi-weekly meet invite Our discussion group The OpenSSF community calendar

Contribute and discuss

The project is authored on GitHub using issues to describe proposed work and pull requests to submit changes. See our contribution guidelines for more details and to add your contribution.

Contribution guidelines Leave us an issue on GitHub

“SLSA’s really the first of its kind, a framework for supply chain and build integrity. What sets it apart is the thriving community behind it, and it’s resonating with different organizations.”

Kim Lewandowski

Founder, Chainguard

Project status

SLSA is currently in alpha

The initial v0.1 specification is out and is now ready to be tried out and tested.

We’ve released an initial set of tools and services to generate SLSA 1-2 provenance, which we’re looking to develop further soon.

Google has been using an internal version of SLSA since 2013 and requires it for all of their production workloads.