
SLSA

Spicy — senior dev territory
Security

ELI5 — The Vibe Check

SLSA (pronounced 'salsa') is a framework with levels (1-4) that measure how secure your software supply chain is. Level 1: you have some build process. Level 4: your build is fully hermetic, reproducible, and tamper-proof. It's a maturity model for 'can someone mess with your software between code and production?'

Real Talk

SLSA is a security framework (by Google and the OpenSSF) providing standards and controls to prevent tampering, improve integrity, and secure software packages. It defines four levels of increasing assurance, from basic build provenance to fully hermetic, reproducible builds.

When You'll Hear This

"We're at SLSA Level 2 — our builds generate provenance attestations." / "SLSA Level 3 requires the build platform to be hardened and isolated."
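The "provenance attestation" mentioned above is the concrete thing a consumer checks before trusting a build. As an added editor's example (not code from this page or from the SLSA project), the block below verifies a SLSA v1 provenance statement against an artifact: it confirms the statement describes exactly these bytes, that the builder is a trusted platform, and that the build consumed the expected source repository. The artifact bytes, the provenance document and every `example.invalid` URI are constructed placeholders; checking the signature on the DSSE envelope that normally wraps such a statement is assumed to have happened beforehand and is not shown. One caveat on the levels quoted on this page: they follow the original SLSA v0.1 draft (Levels 1-4); SLSA v1.0 regrouped the requirements into tracks, and its Build track runs from Level 0 to Level 3.

```python
import hashlib
import json

# Constructed sample artifact: stands in for the built package a consumer downloads.
ARTIFACT = b"example-package contents (constructed sample, not a real package)\n"

# Constructed SLSA provenance: an in-toto Statement v1 carrying a SLSA v1 predicate.
# Every example.invalid URI is a placeholder, not a real builder or repository.
PROVENANCE = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [
        {"name": "example-package.tgz",
         "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}
    ],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "buildType": "https://example.invalid/build-types/hosted-ci@v1",
            "externalParameters": {
                "repository": "https://example.invalid/org/example-package",
                "ref": "refs/heads/main",
            },
            "resolvedDependencies": [
                {"uri": "git+https://example.invalid/org/example-package@refs/heads/main",
                 "digest": {"gitCommit": "0" * 40}}
            ],
        },
        "runDetails": {
            "builder": {"id": "https://example.invalid/builders/hosted-ci@v1"},
        },
    },
}

# Assumed consumer policy: which build platforms are trusted and where source must come from.
POLICY = {
    "trusted_builders": {"https://example.invalid/builders/hosted-ci@v1"},
    "expected_repository": "https://example.invalid/org/example-package",
}


def verify_provenance(statement, artifact_bytes, policy):
    """Check a provenance statement against an artifact and a consumer policy.

    Returns a list of human-readable failures; an empty list means the artifact
    is accepted. Signature verification of the surrounding DSSE envelope is
    assumed to have been done already and is not part of this function.
    """
    failures = []

    if statement.get("_type") != "https://in-toto.io/Statement/v1":
        failures.append("not an in-toto v1 statement")
    if statement.get("predicateType") != "https://slsa.dev/provenance/v1":
        failures.append("predicate is not SLSA provenance v1")

    # 1. The statement must be about these exact bytes: recompute the digest
    #    ourselves rather than trusting any digest the package ships with.
    actual = hashlib.sha256(artifact_bytes).hexdigest()
    subject_digests = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if actual not in subject_digests:
        failures.append(f"artifact sha256 {actual} not listed in provenance subject")

    predicate = statement.get("predicate", {})
    # 2. Builder identity is what Level 2 and above hinge on: accept only trusted platforms.
    builder_id = predicate.get("runDetails", {}).get("builder", {}).get("id")
    if builder_id not in policy["trusted_builders"]:
        failures.append(f"builder {builder_id!r} is not a trusted build platform")

    # 3. The build must have consumed the expected source, not a lookalike repository.
    repo = predicate.get("buildDefinition", {}).get("externalParameters", {}).get("repository")
    if repo != policy["expected_repository"]:
        failures.append(f"built from {repo!r}, expected {policy['expected_repository']!r}")

    return failures


def with_override(statement, path, value):
    """Return a deep copy of statement with the nested key at `path` replaced.

    Used only to simulate a statement whose fields disagree with policy.
    """
    clone = json.loads(json.dumps(statement))
    node = clone
    for key in path[:-1]:
        node = node[key]
    node[path[-1]] = value
    return clone


if __name__ == "__main__":
    print("genuine artifact:", verify_provenance(PROVENANCE, ARTIFACT, POLICY))
    print("modified artifact:", verify_provenance(PROVENANCE, ARTIFACT + b"extra", POLICY))
```

The three checks map onto what the levels promise: the subject digest ties the attestation to one artifact, the builder identity is only meaningful once the build platform (not the developer's laptop) generated the provenance, and the source check is where a consumer's own policy enters. In a real pipeline the statement arrives inside a signed DSSE envelope, and nothing in this function is worth running until that signature has been verified against the builder's key.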

Made with passive-aggressive love by manoga.digital. Powered by Claude.