Version 1.0 is the current version. See the Version 1.0 documentation.

What's new

This document describes the major changes brought by SLSA v1.1 relative to the prior release, v1.0.

Summary of changes

  • Clarify that attestation format schema are informative and the specification texts (SLSA and in-toto attestation) are the canonical source of definitions.
  • Add procedure for verifying VSAs.
  • Add verifier metadata to VSA format.
  • It is now recommended that the digest field of ResourceDescriptor is set in a Verification Summary Attestation’s (VSA) policy object.
  • Further refine the threat model.
‹ SLSA v1.1 RC2 About SLSA ›