Enum: DependencyLevelEnum
SLSA Dependency Track levels for measuring and controlling risk introduced from third-party dependencies.
URI: slsa:DependencyLevelEnum
Permissible Values
| Value | Meaning | Description |
| --- | --- | --- |
| SLSA_DEPENDENCY_LEVEL_0 | None | No mitigations to dependency threats |
| SLSA_DEPENDENCY_LEVEL_1 | None | An inventory of all build dependencies (direct and transitive) exists |
| SLSA_DEPENDENCY_LEVEL_2 | None | All known vulnerabilities in the artifact's dependencies have been triaged be... |
| SLSA_DEPENDENCY_LEVEL_3 | None | All third-party build dependencies are consumed exclusively from locations un... |
| SLSA_DEPENDENCY_LEVEL_4 | None | Proactive defense against upstream attacks; an ingestion policy prevents cons... |
Slots
| Name | Description |
| --- | --- |
| dependencyLevel | The SLSA Dependency Level that this inventory and associated triage process s... |
In Subsets
Schema Source
- from schema: https://w3id.org/lmodel/slsa
LinkML Source
```yaml
name: DependencyLevelEnum
description: SLSA Dependency Track levels for measuring and controlling risk introduced
  from third-party dependencies.
in_subset:
- slsa_dependency_track
from_schema: https://w3id.org/lmodel/slsa
rank: 1000
permissible_values:
  SLSA_DEPENDENCY_LEVEL_0:
    text: SLSA_DEPENDENCY_LEVEL_0
    description: No mitigations to dependency threats.
  SLSA_DEPENDENCY_LEVEL_1:
    text: SLSA_DEPENDENCY_LEVEL_1
    description: An inventory of all build dependencies (direct and transitive) exists.
  SLSA_DEPENDENCY_LEVEL_2:
    text: SLSA_DEPENDENCY_LEVEL_2
    description: All known vulnerabilities in the artifact's dependencies have been
      triaged before each release.
  SLSA_DEPENDENCY_LEVEL_3:
    text: SLSA_DEPENDENCY_LEVEL_3
    description: All third-party build dependencies are consumed exclusively from
      locations under the producer's control.
  SLSA_DEPENDENCY_LEVEL_4:
    text: SLSA_DEPENDENCY_LEVEL_4
    description: Proactive defense against upstream attacks; an ingestion policy prevents
      consumption of compromised dependencies.
```