What's new in SLSA v1.1
SLSA v1.1 is a minor release of SLSA v1 which brings clarifications and additional content without changing the meaning of the specification. This document describes the main changes in v1.1 relative to the prior release, v1.0.
Summary of changes
- Clarify that attestation format schema are informative and the specification texts (SLSA and in-toto attestation) are the canonical source of definitions.
- Add procedure for verifying VSAs.
- Add verifier metadata to VSA format.
- It is now recommended that the
digest
field ofResourceDescriptor
is set in a Verification Summary Attestation’s (VSA)policy
object. - Further refine the threat model.