Class: BuildPlatform

The infrastructure (software, hardware, people, and organizations) used to transform source code into package artifacts. Responsible for provenance generation and isolation between tenant builds. Often a hosted, multi-tenant build service.

URI: slsa:BuildPlatform

classDiagram
    class BuildPlatform
    click BuildPlatform href "../BuildPlatform/"
    BuildPlatform : buildLevel
    BuildPlatform --> "0..1" BuildLevelEnum : buildLevel
    click BuildLevelEnum href "../BuildLevelEnum/"
    BuildPlatform : id
    BuildPlatform : isHosted

Slots

| Name | Cardinality and Range | Description | Inheritance |
| --- | --- | --- | --- |
| id | 1 String | A URI uniquely identifying an entity (build platform, verifier, build image, ... | direct |
| buildLevel | 0..1 BuildLevelEnum | The SLSA Build Level this platform is capable of producing, as determined by ... | direct |
| isHosted | 0..1 Boolean | True if this is a hosted (multi-tenant) platform running on shared or dedicat... | direct |

In Subsets

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/slsa

Mappings

| Mapping Type | Mapped Value |
| --- | --- |
| self | slsa:BuildPlatform |
| native | slsa:BuildPlatform |

LinkML Source

Direct

name: BuildPlatform
description: The infrastructure (software, hardware, people, and organizations) used
  to transform source code into package artifacts. Responsible for provenance generation
  and isolation between tenant builds. Often a hosted, multi-tenant build service.
in_subset:
- slsa_build_track
from_schema: https://w3id.org/lmodel/slsa
slots:
- id
- buildLevel
- isHosted

Induced

name: BuildPlatform
description: The infrastructure (software, hardware, people, and organizations) used
  to transform source code into package artifacts. Responsible for provenance generation
  and isolation between tenant builds. Often a hosted, multi-tenant build service.
in_subset:
- slsa_build_track
from_schema: https://w3id.org/lmodel/slsa
attributes:
  id:
    name: id
    description: A URI uniquely identifying an entity (build platform, verifier, build
      image, or source repository). The primary trust anchor for consumers.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_dependency_track
    - slsa_build_env_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: id
    owner: BuildPlatform
    domain_of:
    - Builder
    - Verifier
    - BuildPlatform
    - SourceRepository
    - BuildImage
    range: string
    required: true
  buildLevel:
    name: buildLevel
    description: The SLSA Build Level this platform is capable of producing, as determined
      by its provenance generation and isolation guarantees.
    in_subset:
    - slsa_build_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: buildLevel
    owner: BuildPlatform
    domain_of:
    - BuildPlatform
    range: BuildLevelEnum
  isHosted:
    name: isHosted
    description: True if this is a hosted (multi-tenant) platform running on shared
      or dedicated infrastructure, rather than an individual's workstation. Required
      for SLSA Build L2+.
    notes:
    - 'SSF reference architecture (CNCF TAG-Security): Hosted, multi-tenant build
      services (GitHub Actions, Google Cloud Build, GitLab CI/CD, CircleCI) are the
      recommended Build Service layer in the SSF pattern. Using a hosted service is
      a prerequisite for SLSA Build L2 because it provides the separation of concerns
      that prevents tenants from tampering with provenance generated by the control
      plane. Self-hosted runners can be used at SLSA Build L2+ only if they replicate
      the isolation guarantees of hosted services.'
    in_subset:
    - slsa_build_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: isHosted
    owner: BuildPlatform
    domain_of:
    - BuildPlatform
    range: boolean