SLSA L1 Framework
Type: Initiative
ID: SLSA.L1
Version: 1.0.0
Bundle-Version: v2
Source: v2/initiatives/slsa.l1.yaml
Help: https://slsa.dev/
Evaluate SLSA Level 1
Description
This initiative ensures that every critical build artifact includes the minimum required provenance metadata as specified in SLSA Level 1. By recording detailed information about the build process (such as timestamps, authors, and build details), organizations establish a traceable chain of custody for their software artifacts.
Controls Overview
Control Name | Control Description | Mitigation |
---|---|---|
[provenance] Provenance exists | This control verifies that essential provenance metadata is present for each build artifact. | Ensure that provenance metadata is present for critical build artifacts to support supply chain integrity. |
Evidence Defaults
Field | Value |
---|---|
signed | False |
Detailed Controls
[provenance] Provenance exists
This control verifies that essential provenance metadata is present for each build artifact.
Mitigation
Ensure that provenance metadata is present for critical build artifacts to support supply chain integrity.
Rules
Rule ID | Rule Name | Rule Description |
---|---|---|
provenance-exists | Provenance exists | Verify that the Provenance document evidence exists. |