SLSA (Supply-chain Levels for Software Artifacts)
Source: content/manual/06-glossary/supplychain/slsa.md
Definition
A framework to harden build pipelines and verify artifact integrity via progressive levels of assurance.
Why it matters
Reduces risk of tampering and establishes trust in artifacts.
Common pitfalls
- Claiming levels without meeting requirements.
- No consumer verification of attestations.