There’s an active community of members, contributors and collaborators behind the SLSA framework. We’re drawn together by the shared goals of improving software supply chain security and codifying best practices for development, deployment and governance, all collaborating on an objective framework that works for open source projects and organizations, influences policy and regulations, empowers engineers and builds for the future.
Get involved
The SLSA project is an open source project that strives to make useful and practical standards, tools, and documentation to reduce software supply chain risk in the real world. To succeed, we rely on contributors from a variety organizations to help us improve. Whether that’s reporting successes or challenges, contributing changes to the specification or documentation, or developing tooling, we welcome your contributions.
How to contribute
For questions, suggestions, or status updates, please use one of the following channels.
Contribution guidelines Specification meeting (weekly) GitHub issues (tracks all work) Slack (#slsa) Mailing listArchived meeting notes
The SLSA community no longer holds these meetings regularly. Their meeting notes are archived here for posterity.
Community meeting Tooling Special Interest Group“SLSA’s really the first of its kind, a framework for supply chain and build integrity. What sets it apart is the thriving community behind it, and it’s resonating with different organizations.”
Kim Lewandowski
Founder, Chainguard
Project status
SLSA v1.0 is now available, released in April 2023.
We expect the specification to remain stable, with future versions expanding its breadth and depth.
For more information about this release, see What's new in v1.0.
Google has been using an internal version of SLSA since 2013 and requires it for all of their production workloads.
Steering committee
- Joshua Lock - Verizon
- Mark Lodato - Google
- Mike Lieberman - Kusari/CNCF
- Trishank Karthik Kuppusamy - Datadog
Governance
SLSA is a community effort organized within the Open Source Security Foundation (OpenSSF) and released under the Community Specification License 1.0.
For more information about governance, see slsa-framework/governance.