Class: VerificationSummaryAttestation

An attestation predicate (predicateType "https://slsa.dev/verification_summary/v1") issued by a trusted verifier stating that one or more artifacts were evaluated against a policy and the SLSA level at which they were verified. Allows consumers to trust the verifier's determination without needing access to all underlying provenance.

URI: slsa:VerificationSummaryAttestation

 classDiagram
    class VerificationSummaryAttestation
    click VerificationSummaryAttestation href "../VerificationSummaryAttestation/"
      Statement <|-- VerificationSummaryAttestation
        click Statement href "../Statement/"
      VerificationSummaryAttestation : _type
      VerificationSummaryAttestation : attestationStorageUri
      VerificationSummaryAttestation : dependencyLevels
      VerificationSummaryAttestation : inputAttestations
        VerificationSummaryAttestation --> "*" ResourceDescriptor : inputAttestations
        click ResourceDescriptor href "../ResourceDescriptor/"
      VerificationSummaryAttestation : policy
        VerificationSummaryAttestation --> "1" ResourceDescriptor : policy
        click ResourceDescriptor href "../ResourceDescriptor/"
      VerificationSummaryAttestation : predicate
      VerificationSummaryAttestation : predicateType
      VerificationSummaryAttestation : resourceUri
      VerificationSummaryAttestation : signingTool
      VerificationSummaryAttestation : sigstoreLogEntry
      VerificationSummaryAttestation : slsaVersion
      VerificationSummaryAttestation : subject
        VerificationSummaryAttestation --> "1..*" ResourceDescriptor : subject
        click ResourceDescriptor href "../ResourceDescriptor/"
      VerificationSummaryAttestation : timeVerified
      VerificationSummaryAttestation : verificationResult
        VerificationSummaryAttestation --> "1" VerificationResultEnum : verificationResult
        click VerificationResultEnum href "../VerificationResultEnum/"
      VerificationSummaryAttestation : verifiedLevels
        VerificationSummaryAttestation --> "1..*" SlsaResultEnum : verifiedLevels
        click SlsaResultEnum href "../SlsaResultEnum/"
      VerificationSummaryAttestation : verifier
        VerificationSummaryAttestation --> "1" Verifier : verifier
        click Verifier href "../Verifier/"

Inheritance

  • Statement
      • VerificationSummaryAttestation

Slots

| Name | Cardinality | Range | Description | Inheritance |
| --- | --- | --- | --- | --- |
| verifier | 1 | Verifier | Identifies the entity that performed the verification | direct |
| timeVerified | 0..1 | String | Timestamp (RFC 3339) indicating when the verification occurred | direct |
| resourceUri | 1 | String | URI identifying the resource associated with the artifact being verified | direct |
| policy | 1 | ResourceDescriptor | The policy the subject was verified against | direct |
| inputAttestations | * | ResourceDescriptor | All attestations consulted during verification | direct |
| verificationResult | 1 | VerificationResultEnum | Whether the artifact passed or failed policy verification | direct |
| verifiedLevels | 1..* | SlsaResultEnum | The highest verified SLSA level for each applicable track (not including transitive dependencies) | direct |
| dependencyLevels | 0..1 | String | Map from SlsaResult to count of transitive dependencies verified at that level (JSON object string) | direct |
| slsaVersion | 0..1 | String | Version of the SLSA specification used during verification, in MAJOR.MINOR format | direct |
| _type | 1 | String | Always "https://in-toto.io/Statement/v1" | Statement |
| subject | 1..* | ResourceDescriptor | The set of software artifacts to which a predicate applies | Statement |
| predicateType | 1 | String | URI identifying the schema and semantics of the predicate field | Statement |
| predicate | 0..1 | String | The attestation payload — an arbitrary JSON object whose schema is fully determined by predicateType | Statement |
| attestationStorageUri | 0..1 | String | URI indicating where this signed attestation is publicly stored or retrievable | Statement |
| signingTool | 0..1 | String | URI or name of the tool used to cryptographically sign the artifact or attestation | Statement |
| sigstoreLogEntry | 0..1 | String | URI of the Rekor transparency log entry recording this attestation or artifact signature | Statement |

In Subsets

  • slsa_build_track
  • slsa_source_track

See Also

  • https://openssf.org/projects/guac/

Notes

  • Verification complexity (Tamanna et al., 2024, LF.1): The slsa-verifier tool was highlighted by practitioners for complexity and redundancy. No standardized attestation storage model existed as of SLSA v1.0; inconsistencies between package manager registries and stored files can undermine verification accuracy. Downstream systems also lack clear guidance on how to consume and communicate attestation data to other stakeholders.

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/slsa

Mappings

| Mapping Type | Mapped Value |
| --- | --- |
| self | slsa:VerificationSummaryAttestation |
| native | slsa:VerificationSummaryAttestation |

LinkML Source

Direct

name: VerificationSummaryAttestation
description: An attestation predicate (predicateType "https://slsa.dev/verification_summary/v1")
  issued by a trusted verifier stating that one or more artifacts were evaluated against
  a policy and the SLSA level at which they were verified. Allows consumers to trust
  the verifier's determination without needing access to all underlying provenance.
notes:
- 'Verification complexity (Tamanna et al., 2024, LF.1): The slsa-verifier tool was
  highlighted by practitioners for complexity and redundancy. No standardized attestation
  storage model existed as of SLSA v1.0; inconsistencies between package manager registries
  and stored files can undermine verification accuracy. Downstream systems also lack
  clear guidance on how to consume and communicate attestation data to other stakeholders.'
in_subset:
- slsa_build_track
- slsa_source_track
from_schema: https://w3id.org/lmodel/slsa
see_also:
- https://openssf.org/projects/guac/
is_a: Statement
slots:
- verifier
- timeVerified
- resourceUri
- policy
- inputAttestations
- verificationResult
- verifiedLevels
- dependencyLevels
- slsaVersion

Induced

name: VerificationSummaryAttestation
description: An attestation predicate (predicateType "https://slsa.dev/verification_summary/v1")
  issued by a trusted verifier stating that one or more artifacts were evaluated against
  a policy and the SLSA level at which they were verified. Allows consumers to trust
  the verifier's determination without needing access to all underlying provenance.
notes:
- 'Verification complexity (Tamanna et al., 2024, LF.1): The slsa-verifier tool was
  highlighted by practitioners for complexity and redundancy. No standardized attestation
  storage model existed as of SLSA v1.0; inconsistencies between package manager registries
  and stored files can undermine verification accuracy. Downstream systems also lack
  clear guidance on how to consume and communicate attestation data to other stakeholders.'
in_subset:
- slsa_build_track
- slsa_source_track
from_schema: https://w3id.org/lmodel/slsa
see_also:
- https://openssf.org/projects/guac/
is_a: Statement
attributes:
  verifier:
    name: verifier
    description: Identifies the entity that performed the verification.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: verifier
    owner: VerificationSummaryAttestation
    domain_of:
    - SlsaDocument
    - VerificationSummaryAttestation
    range: Verifier
    required: true
    inlined: true
  timeVerified:
    name: timeVerified
    description: Timestamp (RFC 3339) indicating when the verification occurred.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: timeVerified
    owner: VerificationSummaryAttestation
    domain_of:
    - VerificationSummaryAttestation
    range: string
  resourceUri:
    name: resourceUri
    description: URI identifying the resource associated with the artifact being verified.
      SHOULD be the URI from which the consumer fetches the artifact.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: resourceUri
    owner: VerificationSummaryAttestation
    domain_of:
    - VerificationSummaryAttestation
    range: string
    required: true
  policy:
    name: policy
    description: The policy the subject was verified against. MUST contain a URI;
      SHOULD contain a digest identifying the exact policy version.
    notes:
    - 'SSF Policy Engine layer (CNCF TAG-Security): In the SSF reference architecture,
      the policy consumed here is enforced at admission time by a Policy Engine such
      as OPA/Gatekeeper or Kyverno. These engines consume Verification Summary Attestations
      (VSAs) to verify that an artifact meets the required SLSA level before allowing
      deployment. Best practice is to reference a versioned, content-addressed policy
      document so verifiers can reconstruct the exact policy evaluated.'
    in_subset:
    - slsa_build_track
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: policy
    owner: VerificationSummaryAttestation
    domain_of:
    - VerificationSummaryAttestation
    range: ResourceDescriptor
    required: true
    inlined: true
  inputAttestations:
    name: inputAttestations
    description: All attestations consulted during verification. If non-empty, MUST
      be complete — it MUST list every attestation used. Each entry MUST contain a
      digest; SHOULD contain a URI.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: inputAttestations
    owner: VerificationSummaryAttestation
    domain_of:
    - VerificationSummaryAttestation
    range: ResourceDescriptor
    multivalued: true
    inlined: true
    inlined_as_list: true
  verificationResult:
    name: verificationResult
    description: Whether the artifact passed or failed policy verification.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: verificationResult
    owner: VerificationSummaryAttestation
    domain_of:
    - SlsaDocument
    - VerificationSummaryAttestation
    range: VerificationResultEnum
    required: true
  verifiedLevels:
    name: verifiedLevels
    description: The highest verified SLSA level for each applicable track (not including
      transitive dependencies). At most one level per track. Implies all levels below
      it within the same track.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: verifiedLevels
    owner: VerificationSummaryAttestation
    domain_of:
    - SlsaDocument
    - VerificationSummaryAttestation
    range: SlsaResultEnum
    required: true
    multivalued: true
  dependencyLevels:
    name: dependencyLevels
    description: Map from SlsaResult to count of transitive dependencies verified
      at that level (JSON object string). Allows policy engines to enforce minimum
      levels on the full dependency graph.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: dependencyLevels
    owner: VerificationSummaryAttestation
    domain_of:
    - VerificationSummaryAttestation
    range: string
  slsaVersion:
    name: slsaVersion
    description: Version of the SLSA specification used during verification, in MAJOR.MINOR
      format (e.g., "1.0").
    in_subset:
    - slsa_build_track
    - slsa_source_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: slsaVersion
    owner: VerificationSummaryAttestation
    domain_of:
    - VerificationSummaryAttestation
    range: string
  _type:
    name: _type
    description: Always "https://in-toto.io/Statement/v1". Identifies the in-toto
      statement schema version and namespace.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_build_env_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: _type
    owner: VerificationSummaryAttestation
    domain_of:
    - Statement
    range: string
    required: true
  subject:
    name: subject
    description: The set of software artifacts to which a predicate applies. Each
      entry MUST contain a digest.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_build_env_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: subject
    owner: VerificationSummaryAttestation
    domain_of:
    - Statement
    range: ResourceDescriptor
    required: true
    multivalued: true
    inlined: true
    inlined_as_list: true
  predicateType:
    name: predicateType
    description: URI identifying the schema and semantics of the predicate field.
      Used to distinguish different attestation types (e.g., SLSA Provenance vs. Verification
      Summary Attestation).
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_build_env_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: predicateType
    owner: VerificationSummaryAttestation
    domain_of:
    - Statement
    range: string
    required: true
  predicate:
    name: predicate
    description: The attestation payload — an arbitrary JSON object whose schema is
      fully determined by predicateType.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_build_env_track
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: predicate
    owner: VerificationSummaryAttestation
    domain_of:
    - Statement
    range: string
  attestationStorageUri:
    name: attestationStorageUri
    description: 'URI indicating where this signed attestation is publicly stored
      or retrievable. No universal standard for attestation storage location was established
      in SLSA v1.0; Sigstore and VCS-embedded storage are two common approaches. Explicitly
      recording this URI addresses the storage ambiguity identified as a significant
      adoption barrier: practitioners reported uncertainty about where generated attestations
      should be stored (Tamanna et al., 2024, LF.1).'
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_build_env_track
    - slsa_adoption_study
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: attestationStorageUri
    owner: VerificationSummaryAttestation
    domain_of:
    - Statement
    range: string
  signingTool:
    name: signingTool
    description: URI or name of the tool used to cryptographically sign the artifact
      or attestation (e.g., "https://github.com/sigstore/cosign", "https://github.com/notaryproject/notation").
      In the SSF reference architecture the Signing Service layer is distinct from
      the Build Service; recording the signing tool enables verifiers to select the
      matching verification workflow. For Sigstore keyless signing the value should
      be the Cosign release URI.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_ssf
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: signingTool
    owner: VerificationSummaryAttestation
    domain_of:
    - Statement
    range: string
  sigstoreLogEntry:
    name: sigstoreLogEntry
    description: URI of the Rekor transparency log entry recording this attestation
      or artifact signature (e.g., "https://rekor.sigstore.dev/api/v1/log/entries/24296fb...").
      The Rekor log provides an immutable, auditable record of signing events that
      underpins Sigstore keyless signing. Verifiers can fetch this entry to confirm
      the cryptographic signature was recorded in the public-good log and obtain the
      signing certificate chain issued by Fulcio. Recording this URI enables offline
      and third-party verification without requiring direct access to the original
      signing key.
    in_subset:
    - slsa_build_track
    - slsa_source_track
    - slsa_ssf
    from_schema: https://w3id.org/lmodel/slsa
    rank: 1000
    alias: sigstoreLogEntry
    owner: VerificationSummaryAttestation
    domain_of:
    - Statement
    range: string
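An added example, not part of the lmodel schema or of any SLSA tool: a Python checker that enforces the MUST-level constraints the slot descriptions above state (required predicate fields, a digest on every subject and inputAttestations entry, a URI on policy, at most one verifiedLevels entry per track) and then applies a minimum-level admission policy of the kind the policy notes describe, including the dependencyLevels JSON-object string. The level-string shape SLSA_<TRACK>_LEVEL_<N> and the PASSED/FAILED result values are assumed from the SLSA VSA specification rather than taken from this page; the sample statement, its URIs and its digests are constructed.

```python
import json
import re

STMT_TYPE = "https://in-toto.io/Statement/v1"
VSA_TYPE = "https://slsa.dev/verification_summary/v1"
# Level strings use the SLSA VSA shape <TRACK>_LEVEL_<N>, e.g. SLSA_BUILD_LEVEL_3 (assumed from the SLSA spec)
LEVEL_RE = re.compile(r"^(SLSA_[A-Z]+)_LEVEL_(\d+)$")
REQUIRED = ("verifier", "resourceUri", "policy", "verificationResult", "verifiedLevels")

def check_vsa(stmt):
    """Return the MUST-level violations from this page's slot descriptions; [] means well-formed."""
    p = stmt.get("predicate") or {}
    errs = [f"predicate.{r} is required" for r in REQUIRED if r not in p]
    if (stmt.get("_type"), stmt.get("predicateType")) != (STMT_TYPE, VSA_TYPE):
        errs.append("_type/predicateType must be the in-toto Statement v1 and VSA v1 URIs")
    if not stmt.get("subject") or any("digest" not in s for s in stmt["subject"]):
        errs.append("subject: at least one entry, each MUST contain a digest")
    if "uri" not in (p.get("policy") or {}):
        errs.append("policy MUST contain a URI")
    if any("digest" not in a for a in p.get("inputAttestations", [])):
        errs.append("inputAttestations: every entry MUST contain a digest")
    tracks = [m.group(1) for lvl in p.get("verifiedLevels", []) if (m := LEVEL_RE.match(lvl))]
    if len(tracks) != len(set(tracks)):
        errs.append("verifiedLevels: at most one level per track")
    return errs

def meets_policy(stmt, track="SLSA_BUILD", min_level=2, min_dep_level=2):
    """Admission-style check: well-formed, PASSED, track level >= min_level, no dependency below min_dep_level."""
    p = stmt.get("predicate") or {}
    levels = {m.group(1): int(m.group(2)) for lvl in p.get("verifiedLevels", []) if (m := LEVEL_RE.match(lvl))}
    # A verified level implies all levels below it on the same track, so >= is the right comparison.
    if check_vsa(stmt) or p.get("verificationResult") != "PASSED" or levels.get(track, 0) < min_level:
        return False
    deps = p.get("dependencyLevels") or {}
    deps = json.loads(deps) if isinstance(deps, str) else deps  # the schema carries it as a JSON object string
    for name, count in deps.items():  # only entries on the policy's own track are compared
        if (m := LEVEL_RE.match(name)) and m.group(1) == track and count > 0 and int(m.group(2)) < min_dep_level:
            return False
    return True

SAMPLE_VSA = {  # constructed sample; digests and URIs are placeholders, not real values
    "_type": STMT_TYPE, "predicateType": VSA_TYPE, "subject": [{"name": "app.tar.gz", "digest": {"sha256": "ab" * 32}}],
    "predicate": {
        "verifier": {"id": "https://example.com/verifier"}, "timeVerified": "2024-01-01T00:00:00Z",
        "resourceUri": "https://example.com/releases/app.tar.gz", "slsaVersion": "1.0",
        "policy": {"uri": "https://example.com/policy.rego", "digest": {"sha256": "cd" * 32}},
        "inputAttestations": [{"uri": "https://example.com/app.intoto.jsonl", "digest": {"sha256": "ef" * 32}}],
        "verificationResult": "PASSED", "verifiedLevels": ["SLSA_BUILD_LEVEL_3"],
        "dependencyLevels": '{"SLSA_BUILD_LEVEL_3": 2, "SLSA_BUILD_LEVEL_2": 4}',
    },
}
```

In a real deployment the DSSE envelope signature and the verifier identity would be checked before these structural checks; the sample shows only the predicate-level logic.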