Supply-chain Levels for Software Artifacts
SLSA, pronounced "salsa", is a framework of graduated levels for securing the software build and release pipeline against tampering. Higher levels require things like hardened build platforms and signed provenance that proves exactly how an artifact was built. It targets the build and deploy phases, addressing supply chain attacks like the SolarWinds compromise where the build system itself was subverted.