Enum: BuildLevelEnum

SLSA Build Track levels providing increasing supply chain security guarantees for the build process. Higher levels require stronger tamper-resistance and provenance integrity.

URI: slsa:BuildLevelEnum

Permissible Values

Value Meaning Description
SLSA_BUILD_LEVEL_0 None No SLSA requirements
SLSA_BUILD_LEVEL_1 None Provenance exists, showing how the package was built
SLSA_BUILD_LEVEL_2 None Build runs on a hosted platform that generates and signs provenance, deterring tampering after the build
SLSA_BUILD_LEVEL_3 None Hardened build platform providing strong guarantees against tampering during the build; requires exploiting a vulnerability to forge provenance
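The levels above are ordered, and a verifier's job is to decide which one it can credit to a concrete artifact. The following Python is an added example, not part of the lmodel/slsa schema or of any SLSA project code: it mirrors the enum as an ordered IntEnum, reads a SLSA v1 provenance statement, and applies the page's semantics (unsigned provenance is worth at most L1; L2 and L3 come from the signing platform's documented capability; an unknown or mismatched subject yields L0). The builder-to-level table, the sample statement, the hostnames and the `signature_verified` flag are all constructed assumptions.

```python
"""Added example (not schema or SLSA project code): credit a BuildLevelEnum
value to an artifact from a SLSA v1 provenance statement and enforce a
minimum level.  Builder table, sample statement, hostnames and the
`signature_verified` flag are constructed assumptions."""
from enum import IntEnum


class BuildLevelEnum(IntEnum):
    """Permissible values of slsa:BuildLevelEnum; IntEnum so they order."""
    SLSA_BUILD_LEVEL_0 = 0  # no SLSA requirements
    SLSA_BUILD_LEVEL_1 = 1  # provenance exists, but trivial to bypass
    SLSA_BUILD_LEVEL_2 = 2  # hosted platform generated and signed provenance
    SLSA_BUILD_LEVEL_3 = 3  # hardened platform; forging needs a vulnerability


# Constructed policy table (assumption): the highest level each trusted build
# platform is documented as capable of producing.  The level is a property of
# the platform, so it comes from verifier policy, never from the provenance.
TRUSTED_BUILDERS = {
    "https://ci.example.test/hosted-builder/v1": BuildLevelEnum.SLSA_BUILD_LEVEL_2,
    "https://ci.example.test/hardened-builder/v1": BuildLevelEnum.SLSA_BUILD_LEVEL_3,
}

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
PREDICATE_TYPE = "https://slsa.dev/provenance/v1"


def effective_build_level(statement, artifact_sha256, signature_verified):
    """Return (level, reason) the verifier may credit to `artifact_sha256`.

    `statement` is the decoded in-toto Statement; `signature_verified` records
    whether the caller already checked the DSSE envelope signature against the
    builder's key.  Without a verified signature nothing above L1 is credited,
    because builder.id in an unsigned document is just a string.
    """
    if (statement.get("_type") != STATEMENT_TYPE
            or statement.get("predicateType") != PREDICATE_TYPE):
        return BuildLevelEnum.SLSA_BUILD_LEVEL_0, "not a SLSA v1 provenance statement"

    # Provenance only speaks for the artifacts it names as subjects.
    subjects = statement.get("subject", [])
    if not any(s.get("digest", {}).get("sha256") == artifact_sha256 for s in subjects):
        return BuildLevelEnum.SLSA_BUILD_LEVEL_0, "artifact digest not among subjects"

    builder_id = (statement.get("predicate", {})
                  .get("runDetails", {}).get("builder", {}).get("id"))
    if not builder_id:
        return BuildLevelEnum.SLSA_BUILD_LEVEL_1, "provenance present, builder unidentified"
    if not signature_verified:
        return BuildLevelEnum.SLSA_BUILD_LEVEL_1, "provenance unsigned, builder.id untrusted"

    level = TRUSTED_BUILDERS.get(builder_id)
    if level is None:
        return BuildLevelEnum.SLSA_BUILD_LEVEL_1, f"signed by unknown builder {builder_id}"
    return level, f"signed by {builder_id}"


def meets_minimum(statement, artifact_sha256, signature_verified, minimum):
    """Policy decision: (accepted, credited_level, reason)."""
    level, reason = effective_build_level(statement, artifact_sha256, signature_verified)
    return level >= minimum, level, reason


# Constructed sample provenance (assumption), shaped like a SLSA v1 statement.
SAMPLE_DIGEST = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
SAMPLE_STATEMENT = {
    "_type": STATEMENT_TYPE,
    "subject": [{"name": "pkg-1.2.3.tar.gz", "digest": {"sha256": SAMPLE_DIGEST}}],
    "predicateType": PREDICATE_TYPE,
    "predicate": {
        "buildDefinition": {
            "buildType": "https://ci.example.test/build-types/container/v1",
            "externalParameters": {"source": "https://git.example.test/pkg@refs/tags/v1.2.3"},
        },
        "runDetails": {
            "builder": {"id": "https://ci.example.test/hardened-builder/v1"},
            "metadata": {"invocationId": "run-4711"},
        },
    },
}


if __name__ == "__main__":
    ok, level, why = meets_minimum(SAMPLE_STATEMENT, SAMPLE_DIGEST, True,
                                   BuildLevelEnum.SLSA_BUILD_LEVEL_3)
    print(ok, level.name, why)
    ok, level, why = meets_minimum(SAMPLE_STATEMENT, SAMPLE_DIGEST, False,
                                   BuildLevelEnum.SLSA_BUILD_LEVEL_2)
    print(ok, level.name, why)
```

The ordering of checks is the point: the subject digest is matched before anything else so that provenance for a different artifact earns nothing, and the signature check gates every claim above L1, since the builder identity is only as trustworthy as the signature over it. The `minimum` argument is where a verifier would put the value recorded in the `buildLevel` slot for the platform it expects.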

Slots

Name Description
buildLevel The SLSA Build Level this platform is capable of producing, as determined by ...

In Subsets

  • slsa_build_track

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/slsa

LinkML Source

name: BuildLevelEnum
description: SLSA Build Track levels providing increasing supply chain security guarantees
  for the build process. Higher levels require stronger tamper-resistance and provenance
  integrity.
in_subset:
- slsa_build_track
from_schema: https://w3id.org/lmodel/slsa
rank: 1000
permissible_values:
  SLSA_BUILD_LEVEL_0:
    text: SLSA_BUILD_LEVEL_0
    description: No SLSA requirements. Represents the absence of SLSA guarantees;
      intended for development or test builds.
  SLSA_BUILD_LEVEL_1:
    text: SLSA_BUILD_LEVEL_1
    description: Provenance exists, showing how the package was built. Prevents mistakes
      and aids documentation, but is trivial to bypass.
  SLSA_BUILD_LEVEL_2:
    text: SLSA_BUILD_LEVEL_2
    description: Build runs on a hosted platform that generates and signs provenance,
      deterring tampering after the build.
    notes:
    - 'Implementation challenge (Tamanna et al., 2024, CI.2): Integrating hosted signing
      tools (e.g., Sigstore/cosign) into diverse CI/CD workflows is complex. Tool
      updates can introduce incompatibilities, silent workflow failures, and hard-coded
      values that complicate ongoing maintenance at this level.'
  SLSA_BUILD_LEVEL_3:
    text: SLSA_BUILD_LEVEL_3
    description: Hardened build platform providing strong guarantees against tampering
      during the build; requires exploiting a vulnerability to forge provenance.
    notes:
    - 'Top adoption barrier (Tamanna et al., 2024, CI.1): Over 50% of practitioners
      surveyed by OpenSSF found hermetic build requirements difficult to implement.
      Non-build configurations (e.g., GoReleaser publish-only steps) lack explicit
      tool support. Use the hermeticBuild slot to record whether the isolation requirement
      is satisfied for a given BuildDefinition.'