SLSA Level 4

GPTKB entity

Statements (21)
Predicate Object
gptkbp:instanceOf gptkb:Software_Supply_Chain_Security_Level
gptkbp:appliesTo Software artifacts
gptkbp:definedIn gptkb:SLSA_Framework
gptkbp:focusesOn Maximum supply chain security
https://www.w3.org/2000/01/rdf-schema#label SLSA Level 4
gptkbp:isHighestLevelOf gptkb:SLSA
gptkbp:partOf gptkb:SLSA
gptkbp:requires Separation of duties
gptkbp:requires Reproducible builds
gptkbp:requires Automated policy enforcement
gptkbp:requires Builds are isolated and ephemeral
gptkbp:requires Comprehensive audit logging
gptkbp:requires Hermetic builds
gptkbp:requires Provenance is cryptographically signed
gptkbp:requires Provenance is generated at build time
gptkbp:requires Strong controls on source and build systems
gptkbp:requires Tamper-resistant provenance
gptkbp:requires Two-person review of all changes
gptkbp:requires Source and build platforms meet high security standards
gptkbp:bfsParent gptkb:SLSA
gptkbp:bfsLayer 6