SLSA (pronounced “salsa”) is security framework from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain integrity.
The best way to read about SLSA is to visit slsa.dev.
What’s in this repo?
The primary content of this repo is the docs/ directory, which contains the core SLSA specification and sources to the slsa.dev website.
You can read SLSA’s documentation here:
Project status
SLSA is currently in alpha. The framework is constantly being improved. We encourage the community to try adopting SLSA levels incrementally and to share your experiences back to us.
Contributors
Get involved
We rely on feedback from other organisations to evolve SLSA and be more useful to more people. We’d love to hear your experiences using it.
Are the levels achievable in your project? Would you add or remove anything from the framework? What else is needed before you can adopt it?
Joining the working group
Source : KitPloit – PenTest Tools!