slsa::v0_2

Patterns to work with SLSA 0.2 provenance statements.

`artifact-reference`

Reference to an artifact used in the build or by the builder.

`build-config`

`build-metadata`

Metadata about this particular execution of the build.

`build-type`

Identifies the template for how to perform the build and interpret the parameters and dependencies.

`builder`

Identifies the entity that executed the invocation, which is trusted to have correctly performed the operation and populated this provenance.

`builder-id`

URI indicating the transitive closure of the trusted builder. This is intended to be the sole determiner of the SLSA Build level.

If a build platform has multiple modes of operations that have differing security attributes or SLSA Build levels, each mode MUST have a different builder.id and SHOULD have a different signer identity. This is to minimize the risk that a less secure mode compromises a more secure one.

`config-source`

`invocation`

`predicate`

SLSA 0.2 predicate.

`provenance`

SLSA 0.2 build provenance statement.