Subset: SlsaSsf
Slots and classes related to the CNCF TAG-Security Secure Software Factory (SSF) reference architecture and the OpenSSF Supply Chain Integrity Working Group ecosystem. The SSF defines a standard pipeline pattern — Version Control, CI Build Service, Artifact Registry, Signing Service, and Policy Engine — that implements SLSA requirements end-to-end. See: https://github.com/cncf/tag-security/tree/main/supply-chain-security/secure-software-factory and https://openssf.org/technical-initiatives/software-supply-chain/
URI: SlsaSsf
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/slsa
Slots in subset
| Slot | Description |
|---|---|
| guacUri | URI to query the GUAC (Graph for Understanding Artifact Composition) instance... |
| pipelineOrchestrator | URI or name of the CI/CD pipeline orchestration system that coordinated this ... |
| securityInsightsUri | URI to the SECURITY-INSIGHTS |
| signingTool | URI or name of the tool used to cryptographically sign the artifact or attest... |
| sigstoreLogEntry | URI of the Rekor transparency log entry recording this attestation or artifac... |