Skip to content

editorial: draft: update threat model to reflect source level changes#1500

Merged
TomHennen merged 1 commit intoslsa-framework:mainfrom
TomHennen:fix1494
Oct 27, 2025
Merged

editorial: draft: update threat model to reflect source level changes#1500
TomHennen merged 1 commit intoslsa-framework:mainfrom
TomHennen:fix1494

Conversation

@TomHennen
Copy link
Contributor

@TomHennen TomHennen commented Oct 21, 2025

The recent changes to the organization of requirements in the source level meant that threats.md wasn't quite right when pointing out which SLSA level addressed which threats.

This change fixes.

  • org defined controls now occur at level 3
  • forging metadata is now protected against at level 2

fixes #1494

@TomHennen
editorial: draft: update threat model to reflect source level changes
1bb513e 
The recent changes to the organization of requirements in the source level
meant that threats.md wasn't quite right when pointing out which SLSA
level addressed which threats.

This change fixes.

* org defined controls now occur at level 3
* forging metadata is now protected against at level 2

fixes slsa-framework#1494

Signed-off-by: Tom Hennen <tomhennen@google.com>
@github-project-automation github-project-automation bot moved this to 🆕 New in Issue triage Oct 21, 2025
@netlify
Copy link

netlify bot commented Oct 21, 2025
edited
Loading

Deploy Preview for slsa ready!

Name Link
🔨 Latest commit 1bb513e
🔍 Latest deploy log https://app.netlify.com/projects/slsa/deploys/68f7dbf8c088dd000899816e
😎 Deploy Preview https://deploy-preview-1500--slsa.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@TomHennen TomHennen added source-track slsa 1.2 Required for SLSA 1.2 release. Please apply it liberally! labels Oct 23, 2025
@TomHennen TomHennen merged commit e399146 into slsa-framework:main Oct 27, 2025
6 checks passed
@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Issue triage Oct 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adityasaky adityasaky adityasaky approved these changes

@arewm arewm arewm approved these changes

@zachariahcox zachariahcox Awaiting requested review from zachariahcox

Assignees

No one assigned

Labels

slsa 1.2 Required for SLSA 1.2 release. Please apply it liberally! source-track

Projects

Issue triage
Status: ✅ Done
SLSA Source Track
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update threat model to match new SLSA Source Levels

3 participants

@TomHennen @adityasaky @arewm