
Slot: externalParameters

Top-level, independent inputs under external (tenant or user) control. MUST be complete at SLSA Build L3. Stored as a JSON object. Verifiers SHOULD reject unrecognized fields.

URI: slsa:externalParameters
Alias: externalParameters

Applicable Classes

| Name | Description | Modifies Slot |
| --- | --- | --- |
| BuildDefinition | Describes all inputs to the build in enough detail to initialise and reproduc... | no |

Properties

Type and Range

| Property | Value |
| --- | --- |
| Range | String |
| Domain Of | BuildDefinition |

Cardinality and Requirements

Property Value

In Subsets

Notes

  • SSF pipeline definition files (CNCF TAG-Security Secure Software Factory): In Tekton-based SSF pipelines, externalParameters typically contains the PipelineRun YAML reference or TaskRun definition URI. For GitHub Actions, it would contain the workflow file path and ref. These values MUST be complete and verifiable at SLSA Build L3 so that consumers can confirm the exact build recipe. Use pipelineOrchestrator to record the CI system and provenanceGenerationTool (in BuildDefinition) to record the attestation generator (e.g., Tekton Chains).
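
The slot's range is a string while its content is a JSON object, so a verifier has to parse the value before it can apply the "reject unrecognized fields" and "complete at Build L3" rules above. The following is an added example, not code from the schema or the SLSA project; the field names `workflow`, `path` and `ref` and the allowlist policy are assumptions modelled on the GitHub Actions case in the note.

```python
import json

# Assumed allowlist for a GitHub Actions style recipe (workflow file path and ref).
# The field names are illustrative, not defined by the schema page.
EXPECTED_SHAPE = {"workflow": {"path": str, "ref": str}}


class ExternalParametersError(ValueError):
    """Raised when externalParameters fails verification."""


def _reject_duplicate_keys(pairs):
    # Duplicate keys let two parsers disagree about which value was signed.
    keys = [key for key, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ExternalParametersError("duplicate key in JSON object")
    return dict(pairs)


def _check(value, spec, where):
    if isinstance(spec, dict):
        if not isinstance(value, dict):
            raise ExternalParametersError(f"{where}: expected a JSON object")
        unknown = sorted(set(value) - set(spec))
        if unknown:  # Verifiers SHOULD reject unrecognized fields.
            raise ExternalParametersError(f"{where}: unrecognized fields {unknown}")
        missing = sorted(set(spec) - set(value))
        if missing:  # Build L3: the parameters must be complete.
            raise ExternalParametersError(f"{where}: missing fields {missing}")
        for key, sub_spec in spec.items():
            _check(value[key], sub_spec, f"{where}.{key}")
    elif not isinstance(value, spec) or not value:
        raise ExternalParametersError(f"{where}: expected non-empty {spec.__name__}")


def verify_external_parameters(raw, expected=EXPECTED_SHAPE):
    """Parse the string-typed slot and return the validated JSON object."""
    try:
        params = json.loads(raw, object_pairs_hook=_reject_duplicate_keys)
    except json.JSONDecodeError as exc:
        raise ExternalParametersError(f"not valid JSON: {exc}") from exc
    _check(params, expected, "externalParameters")
    return params


# Constructed sample value, as it would appear serialized in the slot.
SAMPLE = '{"workflow": {"path": ".github/workflows/release.yml", "ref": "refs/tags/v1.2.3"}}'
print(verify_external_parameters(SAMPLE))
```

A real verifier would select the expected shape from the build type it trusts and then compare the validated values against its own policy.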

Identifier and Mapping Information

Schema Source

  • from schema: https://w3id.org/lmodel/slsa

Mappings

| Mapping Type | Mapped Value |
| --- | --- |
| self | slsa:externalParameters |
| native | slsa:externalParameters |

LinkML Source

name: externalParameters
description: Top-level, independent inputs under external (tenant or user) control.
  MUST be complete at SLSA Build L3. Stored as a JSON object. Verifiers SHOULD reject
  unrecognized fields.
notes:
- 'SSF pipeline definition files (CNCF TAG-Security Secure Software Factory): In Tekton-based
  SSF pipelines, externalParameters typically contains the PipelineRun YAML reference
  or TaskRun definition URI. For GitHub Actions, it would contain the workflow file
  path and ref. These values MUST be complete and verifiable at SLSA Build L3 so that
  consumers can confirm the exact build recipe. Use pipelineOrchestrator to record
  the CI system and provenanceGenerationTool (in BuildDefinition) to record the attestation
  generator (e.g., Tekton Chains).'
in_subset:
- slsa_build_track
from_schema: https://w3id.org/lmodel/slsa
rank: 1000
alias: externalParameters
domain_of:
- BuildDefinition
range: string