Supply chain levels for software artifacts (SLSA) adoption
Supply chain Levels for Software Artifacts, or SLSA (salsa), is a framework for improving and grading a project's build system and engineering processes. SLSA focuses on security improvements for source code storage as well as build system definition, execution, and observation. SLSA is structured in four levels. This page describes the adoption of SLSA for Constellation.
info
SLSA is still in alpha status. The presented levels and their requirements might change in the future. We will adopt any changes into our engineering processes as they are defined.
Level 1 - Adopted
All build steps are automated via CMake and GitHub Actions.
Provenance for the CLI is generated using the slsa-github-generator.
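What a consumer can check in such a provenance file, as an added example that is not part of the Constellation project or the slsa-github-generator code. It assumes the in-toto envelope with a SLSA v0.2 predicate; the repository, artifact name, builder file name and tags are constructed placeholders, and signature verification is left to a dedicated verifier.

```python
import base64, hashlib, json

SLSA_V02 = "https://slsa.dev/provenance/v0.2"
GENERATOR = "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/"

def check_provenance(envelope_json, artifact, name, source_uri):
    """Return claim mismatches ([] = all match). Does NOT verify the
    signature; do that first, or these claims are unauthenticated."""
    envelope = json.loads(envelope_json)
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        return ["unexpected payloadType"]
    stmt = json.loads(base64.b64decode(envelope["payload"]))
    problems = []
    if stmt.get("predicateType") != SLSA_V02:
        problems.append("unexpected predicateType")
    # The subject list binds the provenance to exact artifact digests.
    subjects = {s["name"]: s.get("digest", {}).get("sha256")
                for s in stmt.get("subject", [])}
    if subjects.get(name) != hashlib.sha256(artifact).hexdigest():
        problems.append("artifact digest not listed as subject")
    pred = stmt.get("predicate", {})
    # The builder id says which workflow produced the artifact.
    if not pred.get("builder", {}).get("id", "").startswith(GENERATOR):
        problems.append("unexpected builder id")
    # The config source says which repository triggered the build.
    uri = pred.get("invocation", {}).get("configSource", {}).get("uri", "")
    if not uri.startswith(source_uri + "@"):
        problems.append("unexpected source repository")
    return problems

def constructed_envelope(artifact, name, source_uri):
    """Build a sample envelope (constructed data, unsigned) for the demo."""
    stmt = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": SLSA_V02,
        "subject": [{"name": name,
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicate": {
            "builder": {"id": GENERATOR + "example_builder.yml@refs/tags/v0.0.0"},
            "invocation": {"configSource": {"uri": source_uri + "@refs/tags/v0.0.0"}},
        },
    }
    payload = base64.b64encode(json.dumps(stmt).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json",
                       "payload": payload, "signatures": []})

SOURCE = "git+https://github.com/example-org/example-cli"  # placeholder repository
BINARY = b"constructed stand-in for the CLI binary"
ENVELOPE = constructed_envelope(BINARY, "example-cli-linux-amd64", SOURCE)
print(check_provenance(ENVELOPE, BINARY, "example-cli-linux-amd64", SOURCE))
```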