Enum: AdoptionChallengeEnum
The four empirically identified themes of challenges practitioners encounter when deploying SLSA, derived from thematic analysis of 1,523 SLSA-related GitHub issues across 233 repositories (Tamanna et al., 2024, arXiv:2409.05014). Challenge counts in parentheses reflect total issues associated with each theme.
URI: slsa:AdoptionChallengeEnum
Permissible Values
| Value | Meaning | Description |
|---|---|---|
| COMPLEX_IMPLEMENTATION | None | (CI — 901 issues) Challenges integrating SLSA into projects: complicated prov... |
| UNCLEAR_COMMUNICATION | None | (UC — 357 issues) Challenges understanding SLSA documentation: unclear defini... |
| LIMITED_FEASIBILITY | None | (LF — 219 issues) Challenges with practical feasibility of SLSA requirements:... |
| UNCLEAR_RELEVANCE | None | (UR — 46 issues) Challenges understanding SLSA's relevance and distinct value... |
Slots
| Name | Description |
|---|---|
| challenges | The adoption challenge themes that apply to this attestation or deployment co... |
In Subsets
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/slsa
LinkML Source
```yaml
name: AdoptionChallengeEnum
description: The four empirically identified themes of challenges practitioners encounter
  when deploying SLSA, derived from thematic analysis of 1,523 SLSA-related GitHub
  issues across 233 repositories (Tamanna et al., 2024, arXiv:2409.05014). Challenge
  counts in parentheses reflect total issues associated with each theme.
in_subset:
- slsa_adoption_study
from_schema: https://w3id.org/lmodel/slsa
rank: 1000
permissible_values:
  COMPLEX_IMPLEMENTATION:
    text: COMPLEX_IMPLEMENTATION
    description: '(CI — 901 issues) Challenges integrating SLSA into projects: complicated
      provenance generation including blocking pre-submit jobs, lack of non-build
      configuration support, and sensitive-data handling risks (CI.1); and intricate
      ongoing maintenance of required tools including incompatibilities, silent failures,
      and documentation drift (CI.2).'
  UNCLEAR_COMMUNICATION:
    text: UNCLEAR_COMMUNICATION
    description: '(UC — 357 issues) Challenges understanding SLSA documentation: unclear
      definitions of key terms such as "provenance", "attestation", "hermetic", "hosted",
      and "non-falsifiable" (UC.1); and lack of clear, ecosystem-specific guidance
      on how to apply SLSA requirements in practice (UC.2).'
  LIMITED_FEASIBILITY:
    text: LIMITED_FEASIBILITY
    description: '(LF — 219 issues) Challenges with practical feasibility of SLSA
      requirements: complexity and lack of standardization in attestation verification
      tooling, no standardized storage model for attestations, and security concerns
      about verification accuracy (LF.1); and difficulty implementing two-party review
      for single-maintainer open-source projects (LF.2).'
  UNCLEAR_RELEVANCE:
    text: UNCLEAR_RELEVANCE
    description: '(UR — 46 issues) Challenges understanding SLSA''s relevance and
      distinct value: confusion about which attacks SLSA mitigates, how it differs
      from OpenSSF best practices, and ecosystem-level policy inconsistencies (e.g.,
      npm package naming divergence) that undermine attestation accuracy (UR.1).'
```