
slsa-framework / slsa

Licence: other
Supply-chain Levels for Software Artifacts

Projects that are alternatives of or similar to slsa

chainalert-github-action
scans popular packages and alerts in cases there is suspicion of an account takeover
Stars: ✭ 38 (-95.67%)
Mutual labels: supply-chain-security

pacman-bintrans
Experimental binary transparency for pacman with sigstore and rekor
Stars: ✭ 79 (-91%)
Mutual labels: supply-chain-security

sbom-operator
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
Stars: ✭ 114 (-87.02%)
Mutual labels: supply-chain-security

SLSA ("salsa") is Supply-chain Levels for Software Artifacts

SLSA (pronounced "salsa") is a security framework from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain integrity. It’s how you get from safe enough to being as resilient as possible, at any link in the chain.

Learning about SLSA

See https://slsa.dev to learn about SLSA.

What's in this repo?

The primary content of this repo is the docs/ directory, which contains the core SLSA specification and sources to the slsa.dev website. See the README.md in that directory for instructions on how to build the site.

This repository also hosts SLSA's main issue tracker, covering the website, specification, and overall project management. Other git repositories within the slsa-framework organization have repo-specific issue trackers.

How to get involved

See https://slsa.dev/community for ways to get involved in SLSA development.

Governance

SLSA is an OpenSSF project. See slsa-framework/governance for governance information, including current steering committee members.

To include the steering committee on GitHub, use @slsa-framework/slsa-steering-committee.

License

All SLSA specification content contributed following adoption of the Community Specification governance model is provided under the Community Specification License 1.0.

Pre-existing portions of the SLSA specification from contributors who have not subsequently contributed under the Community Specification License 1.0 following its adoption are provided under the Apache License 2.0.
