SLSA Build Levels
SLSA Build Levels report on various security aspects of a project, to provide a score that represents its overall trustworthiness and completeness. See SLSA Levels.
Macaron’s Provenance verified
check uses the criteria of SLSA Build Levels to output a result that matches the correct level for a given artifact.
Build Level 0: There is no provenance for the artifact.
Build Level 1: There is provenance for the artifact but it cannot be verified.
Build Level 2: There is provenance for the artifact, and it has been verified.
Build Level 3: There is provenance for the artifact, it has been verified, and the build service isolates provenance generation in the control plane from the untrusted build process.
Note
Build Level 4 is not included in the check.