https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/compliance/slsa/Recent content in SLSA 1.1 onHugo -- gohugo.ioen-USTue, 14 Feb 2023 08:49:15 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/compliance/slsa/what-is-slsa/Tue, 14 Feb 2023 08:49:15 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/compliance/slsa/what-is-slsa/SLSA (pronounced “salsa”), or Supply chain Levels for Software Artifacts, is a security framework consisting of standards and controls that prevent tampering, improve integrity, and secure packages and infrastructure. While cyberattacks like SolarWinds and Codecov have demonstrated the importance of protecting software from tampering and malicious compromise, the complexity of the software development lifecycle can leave many feeling unable to adequately understand or respond to these specific security issues. Released by Google’s Open Source Security Team in 2021, SLSA was created as a framework to help software creators understand where and how they can harden their supply chain security practices, and help software consumers evaluate the integrity of a software product or component before they decide to use it.https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/compliance/slsa/slsa-chainguard/Wed, 23 Jul 2025 01:24:23 +0000https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/compliance/slsa/slsa-chainguard/SLSA (pronounced “salsa”), or Supply chain Levels for Software Artifacts, is a security framework consisting of standards and controls that prevent tampering, improve integrity, and secure packages and infrastructure. It is described in depth in What is SLSA?. All Chainguard products — including Chainguard Containers, Guarded VMs, and Chainguard Libraries — are SLSA Level 3 compliant to provide confidence in the security of these products. This page describes what we have done to bring Chainguard products into full SLSA Level 3 compliance.