GitHub - slsa-framework/source-tool: A proof-of-concept for how the SLSA Source Track could be implemented.

A tool that helps users implement the SLSA Source Track.

Status: in development

Design

REQUIREMENTS_MAPPING.md defines the rationale for how this tool meets the SLSA Source Requirements.

DESIGN.md explains more specifically how the system works.

GETTING_STARTED.md explains how to get started using the tool.

source-actions the GitHub Actions used with source-tool to implement SLSA Source Track requirements within GitHub projects.

source-policies stores each GitHub project's 'policy' which details the SLSA Source Level and other controls implemented by that repository.