Statements (21)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Software_Supply_Chain_Security_Level
|
| gptkbp:appliesTo |
Software artifacts
|
| gptkbp:definedIn |
gptkb:SLSA_Framework
|
| gptkbp:focusesOn |
Maximum supply chain security
|
| https://www.w3.org/2000/01/rdf-schema#label |
SLSA Level 4
|
| gptkbp:isHighestLevelOf |
gptkb:SLSA
|
| gptkbp:partOf |
gptkb:SLSA
|
| gptkbp:requires |
Separation of duties
Reproducible builds Automated policy enforcement Builds are isolated and ephemeral Comprehensive audit logging Hermetic builds Provenance is cryptographically signed Provenance is generated at build time Strong controls on source and build systems Tamper-resistant provenance Two-person review of all changes Source and build platforms meet high security standards |
| gptkbp:bfsParent |
gptkb:SLSA
|
| gptkbp:bfsLayer |
6
|