Slot: isHosted
True if this is a hosted (multi-tenant) platform running on shared or dedicated infrastructure, rather than an individual's workstation. Required for SLSA Build L2+.
URI: slsa:isHosted
Alias: isHosted
Applicable Classes
| Name |
Description |
Modifies Slot |
| BuildPlatform |
The infrastructure (software, hardware, people, and organizations) used to tr... |
no |
Properties
Type and Range
Cardinality and Requirements
In Subsets
Notes
- SSF reference architecture (CNCF TAG-Security): Hosted, multi-tenant build services (GitHub Actions, Google Cloud Build, GitLab CI/CD, CircleCI) are the recommended Build Service layer in the SSF pattern. Using a hosted service is a prerequisite for SLSA Build L2 because it provides the separation of concerns that prevents tenants from tampering with provenance generated by the control plane. Self-hosted runners can be used at SLSA Build L2+ only if they replicate the isolation guarantees of hosted services.
Schema Source
- from schema: https://w3id.org/lmodel/slsa
Mappings
| Mapping Type |
Mapped Value |
| self |
slsa:isHosted |
| native |
slsa:isHosted |
LinkML Source
name: isHosted
description: True if this is a hosted (multi-tenant) platform running on shared or
dedicated infrastructure, rather than an individual's workstation. Required for
SLSA Build L2+.
notes:
- 'SSF reference architecture (CNCF TAG-Security): Hosted, multi-tenant build services
(GitHub Actions, Google Cloud Build, GitLab CI/CD, CircleCI) are the recommended
Build Service layer in the SSF pattern. Using a hosted service is a prerequisite
for SLSA Build L2 because it provides the separation of concerns that prevents tenants
from tampering with provenance generated by the control plane. Self-hosted runners
can be used at SLSA Build L2+ only if they replicate the isolation guarantees of
hosted services.'
in_subset:
- slsa_build_track
from_schema: https://w3id.org/lmodel/slsa
rank: 1000
alias: isHosted
domain_of:
- BuildPlatform
range: boolean