{"id":13494636,"url":"https://github.com/slsa-framework/slsa","last_synced_at":"2025-03-28T14:31:41.314Z","repository":{"id":37251080,"uuid":"346517502","full_name":"slsa-framework/slsa","owner":"slsa-framework","description":"Supply-chain Levels for Software Artifacts","archived":false,"fork":false,"pushed_at":"2025-03-26T17:07:35.000Z","size":18080,"stargazers_count":1631,"open_issues_count":224,"forks_count":234,"subscribers_count":61,"default_branch":"main","last_synced_at":"2025-03-26T18:24:27.270Z","etag":null,"topics":["devops","security","supply-chain-security"],"latest_commit_sha":null,"homepage":"https://slsa.dev","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/slsa-framework.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-10T23:11:57.000Z","updated_at":"2025-03-26T17:12:23.000Z","dependencies_parsed_at":"2024-05-17T19:31:20.822Z","dependency_job_id":"0e8ab5e7-7b91-45be-8ca7-d2f14b7629f2","html_url":"https://github.com/slsa-framework/slsa","commit_stats":{"total_commits":1263,"total_committers":89,"mean_commits":"14.191011235955056","dds":0.6737925574030087,"last_synced_commit":"105ecca76b13421ab4aa3533a3d88637296076a8"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slsa-framework%2Fslsa","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slsa-framework%2Fslsa/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slsa-framework%2Fslsa/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slsa-framework%2Fslsa/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/slsa-framework","download_url":"https://codeload.github.com/slsa-framework/slsa/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246046031,"owners_count":20714888,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops","security","supply-chain-security"],"created_at":"2024-07-31T19:01:26.757Z","updated_at":"2025-03-28T14:31:36.295Z","avatar_url":"https://github.com/slsa-framework.png","language":"Shell","readme":"# SLSA (\"salsa\") is Supply-chain Levels for Software Artifacts\n\n\u003cimg align=\"right\" src=\"https://github.com/slsa-framework/slsa/blob/main/docs/images/slsa-dancing-goose-logo.svg\" alt=\"The OpenSSF mascot, a goose in armor, strikes a pose wearing a red salsa dress\"\u003e\n\nSLSA (pronounced [\"salsa\"](https://www.google.com/search?q=how+to+pronounce+salsa)) is a security framework from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain integrity. It’s how you get from safe enough to being as resilient as possible, at any link in the chain.\n\n## Learning about SLSA\n\nSee https://slsa.dev to learn about SLSA.\n\n## What's in this repo?\n\nThe primary content of this repo is the [docs/](docs/) directory, which contains\nthe core SLSA specification and sources to the [slsa.dev] website. See the\nREADME.md in that directory for instructions on how to build the site.\n\nThis repository also hosts SLSA's main [issue tracker], covering the website,\nspecification, and overall project management. Other git repositories within the\n[slsa-framework](https://github.com/slsa-framework) organization have\nrepo-specific issue trackers.\n\n## How to get involved\n\nSee https://slsa.dev/community for ways to get involved in SLSA development.\n\n## Active workstreams\n\n| Workstream | [Shepherd]\n| ---------- | ----------\n| [Build Level 4] | David A Wheeler (@david-a-wheeler)\n| [Attested Build Environments Track] | Marcela Melara (@marcelamelara), Pavel Iakovenko (@paveliak)\n| [Source Track] | Kris K (@kpk47)\n| [Version 1.1 release] | Joshua Lock (@joshuagl)\n\n[Shepherd]: CONTRIBUTING.md#workstream-lifecycle\n[Build Level 4]: https://github.com/slsa-framework/slsa/issues/977\n[Attested Build Environments Track]: https://github.com/slsa-framework/slsa/labels/build-environment-track\n[Source Track]: https://github.com/slsa-framework/slsa/issues/956\n[Version 1.1 release]: https://github.com/slsa-framework/slsa/issues/900\n\n## URL Aliases\n\nWe have several [redirect](docs/_redirects) configured on slsa.dev for\nconvenience of the team:\n\n-   https://slsa.dev/gh \u0026rArr; SLSA GitHub repo\n    -   https://slsa.dev/gh/issues\n    -   https://slsa.dev/gh/pulls\n    -   etc...\n-   https://slsa.dev/notes \u0026rArr; meeting notes\n    -   https://slsa.dev/notes/community\n    -   https://slsa.dev/notes/positioning\n    -   https://slsa.dev/notes/specification\n        (or [.../spec](https://slsa.dev/notes/spec))\n    -   https://slsa.dev/notes/tooling\n\n## Governance\n\nSLSA is an [OpenSSF](https://openssf.org) project. See\n[slsa-framework/governance](https://github.com/slsa-framework/governance) for\ngovernance information, including current steering committee members.\n\nTo include the steering committee on GitHub, use\n`@slsa-framework/slsa-steering-committee`.\n\n## License\n\nAll SLSA specification content contributed following adoption of the Community\nSpecification governance model is provided under the\n[Community Specification License 1.0](LICENSE.md).\n\nPre-existing portions of the SLSA specification from contributors who have not\nsubsequently contributed under the Community Specification License 1.0 following\nits adoption are provided under the\n[Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0.txt).\n\n\u003c!-- Links --\u003e\n\n[issue tracker]: https://github.com/slsa-framework/slsa/issues\n[slsa.dev]: https://slsa.dev\n","funding_links":[],"categories":["Shell","Framework","Secure Programming","HTML"],"sub_categories":["Tokens"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslsa-framework%2Fslsa","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fslsa-framework%2Fslsa","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslsa-framework%2Fslsa/lists"}