This is a working draft. This document may be modified, replaced, or discarded at any time.

Version 1.1 is the current version. See the Version 1.1 documentation.

What's new

This document describes the major changes brought by this Working Draft relative to the prior release, v1.1.

Summary of changes

  • Addition of the Source Track which helps organizations secure their source code development process and consumers establish trust in that source.
  • Updated the threat model to account for the threats mitigated by the Source Track.
  • Improved the structure of the spec to accomodate multiple tracks.
  • Addition of SLSA Verified Properties that allows software supply chain controls that don’t fit neatly within existing SLSA levels or that do exist within SLSA levels but where their is utility in recognizing the specific control while the software might not meet all the other requirements of that level.
‹ SLSA Working Draft About SLSA ›