{"id":799,"date":"2026-03-25T09:40:45","date_gmt":"2026-03-25T08:40:45","guid":{"rendered":"https:\/\/secure-pipelines.com\/uncategorized\/slsa-levels-explained-practical-compliance-checklist\/"},"modified":"2026-03-25T09:40:45","modified_gmt":"2026-03-25T08:40:45","slug":"slsa-levels-explained-practical-compliance-checklist","status":"publish","type":"post","link":"https:\/\/secure-pipelines.com\/ar\/ci-cd-security\/slsa-levels-explained-practical-compliance-checklist\/","title":{"rendered":"\u0634\u0631\u062d \u0645\u0633\u062a\u0648\u064a\u0627\u062a SLSA: \u0642\u0627\u0626\u0645\u0629 \u062a\u062d\u0642\u0642 \u0639\u0645\u0644\u064a\u0629 \u0644\u0644\u0627\u0645\u062a\u062b\u0627\u0644 \u0644\u0641\u0631\u0642 \u0627\u0644\u0647\u0646\u062f\u0633\u0629"},"content":{"rendered":"

\u0645\u0642\u062f\u0645\u0629: \u0645\u0627 \u0647\u0648 SLSA \u0648\u0644\u0645\u0627\u0630\u0627 \u064a\u062c\u0628 \u0623\u0646 \u062a\u0647\u062a\u0645\u061f<\/h2>\n

Supply-chain Levels for Software Artifacts \u2014 SLSA<\/strong> (\u064a\u064f\u0646\u0637\u0642 “salsa”) \u2014 \u0647\u0648 \u0625\u0637\u0627\u0631 \u0623\u0645\u0646\u064a \u0623\u0646\u0634\u0623\u062a\u0647 Google \u0648\u062a\u062a\u0648\u0644\u0649 \u0635\u064a\u0627\u0646\u062a\u0647 \u0627\u0644\u0622\u0646 \u0645\u0624\u0633\u0633\u0629 Open Source Security Foundation (OpenSSF)<\/a>. \u0647\u062f\u0641\u0647 \u0628\u0633\u064a\u0637 \u0641\u064a \u0638\u0627\u0647\u0631\u0647: \u062c\u0639\u0644 \u0627\u0644\u0639\u0628\u062b \u0628\u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0627\u0644\u062a\u064a \u062a\u0628\u0646\u064a\u0647\u0627 \u0648\u062a\u0646\u0634\u0631\u0647\u0627 \u0623\u0643\u062b\u0631 \u0635\u0639\u0648\u0628\u0629 \u0639\u0644\u0649 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646.<\/p>\n

\u0625\u0630\u0627 \u062a\u0627\u0628\u0639\u062a \u0627\u0644\u062d\u0648\u0627\u062f\u062b \u0627\u0644\u0628\u0627\u0631\u0632\u0629 \u0645\u062b\u0644 SolarWinds<\/a> \u0623\u0648 Codecov<\/a> \u0623\u0648 \u0645\u0648\u062c\u0629 \u062d\u0632\u0645 npm \u0627\u0644\u062e\u0628\u064a\u062b\u0629<\/a>\u060c \u0641\u0623\u0646\u062a \u062a\u0639\u0631\u0641 \u0628\u0627\u0644\u0641\u0639\u0644 \u0644\u0645\u0627\u0630\u0627<\/em> \u064a\u0647\u0645 \u0623\u0645\u0646 \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u062a\u0648\u0631\u064a\u062f. \u064a\u0645\u0646\u062d\u0643 SLSA \u0625\u0637\u0627\u0631\u0627\u064b \u0639\u0645\u0644\u064a\u0627\u064b \u0648\u062a\u062f\u0631\u064a\u062c\u064a\u0627\u064b \u064a\u0648\u0636\u062d \u0643\u064a\u0641<\/em> \u062a\u0639\u0627\u0644\u062c \u0647\u0630\u0647 \u0627\u0644\u0645\u0634\u0643\u0644\u0629.<\/p>\n

\u0642\u0627\u0645\u062a \u0645\u0648\u0627\u0635\u0641\u0629 SLSA v1.0<\/strong> (\u0635\u062f\u0631\u062a \u0641\u064a \u0623\u0628\u0631\u064a\u0644 2023) \u0628\u062a\u0628\u0633\u064a\u0637 \u0627\u0644\u0646\u0645\u0648\u0630\u062c \u0627\u0644\u0623\u0635\u0644\u064a \u0625\u0644\u0649 \u0645\u0633\u0627\u0631 \u0648\u0627\u0636\u062d \u2014 \u0645\u0633\u062a\u0648\u064a\u0627\u062a \u0627\u0644\u0628\u0646\u0627\u0621 \u0645\u0646 0 \u0625\u0644\u0649 3 (Build Levels 0-3)<\/strong> \u2014 \u064a\u0636\u064a\u0641 \u0643\u0644 \u0645\u0633\u062a\u0648\u0649 \u0636\u0645\u0627\u0646\u0627\u062a \u0623\u0642\u0648\u0649 \u062d\u0648\u0644 \u0633\u0644\u0627\u0645\u0629 \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u0628\u0646\u0627\u0621 \u0648\u0628\u064a\u0627\u0646\u0627\u062a provenance \u0627\u0644\u062a\u064a \u062a\u0646\u062a\u062c\u0647\u0627.<\/p>\n

\u064a\u0633\u062a\u0639\u0631\u0636 \u0647\u0630\u0627 \u0627\u0644\u062f\u0644\u064a\u0644 \u0643\u0644 \u0645\u0633\u062a\u0648\u0649 \u0628\u0644\u063a\u0629 \u0645\u0628\u0633\u0637\u0629\u060c \u0648\u064a\u0642\u062f\u0645 \u0644\u0643 \u0642\u0627\u0626\u0645\u0629 \u062a\u062d\u0642\u0642 \u064a\u0645\u0643\u0646\u0643 \u062a\u0633\u0644\u064a\u0645\u0647\u0627 \u0644\u0641\u0631\u064a\u0642\u0643 \u0635\u0628\u0627\u062d \u064a\u0648\u0645 \u0627\u0644\u0625\u062b\u0646\u064a\u0646\u060c \u0648\u064a\u0631\u0628\u0637 \u0643\u0644 \u0645\u062a\u0637\u0644\u0628 \u0628\u0623\u062f\u0648\u0627\u062a \u062d\u0642\u064a\u0642\u064a\u0629\u060c \u0648\u064a\u0648\u0636\u062d \u0644\u0643 \u0634\u0643\u0644 provenance \u0627\u0644\u0641\u0639\u0644\u064a\u060c \u0648\u064a\u0636\u0639 \u062e\u0627\u0631\u0637\u0629 \u0637\u0631\u064a\u0642 \u062a\u0628\u0646\u064a \u062e\u0637\u0648\u0629 \u0628\u062e\u0637\u0648\u0629. \u0644\u0646\u0628\u062f\u0623.<\/p>\n

\n

\u0646\u0638\u0631\u0629 \u0633\u0631\u064a\u0639\u0629: \u0645\u0633\u0627\u0631 \u0627\u0644\u0628\u0646\u0627\u0621 \u0641\u064a SLSA \u0628\u0644\u0645\u062d\u0629 \u0648\u0627\u062d\u062f\u0629<\/h2>\n

\u0642\u0628\u0644 \u0627\u0644\u062a\u0639\u0645\u0642 \u0641\u064a \u0643\u0644 \u0645\u0633\u062a\u0648\u0649\u060c \u0625\u0644\u064a\u0643 \u062c\u062f\u0648\u0644 \u0645\u0642\u0627\u0631\u0646\u0629 \u0644\u062a\u0631\u0649 \u0627\u0644\u0635\u0648\u0631\u0629 \u0627\u0644\u0643\u0627\u0645\u0644\u0629.<\/p>\n\n\n\n\n\n\n\n\n\n
\u0627\u0644\u062c\u0627\u0646\u0628<\/th>\nBuild L0<\/th>\nBuild L1<\/th>\nBuild L2<\/th>\nBuild L3<\/th>\n<\/tr>\n<\/thead>\n
\u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u0628\u0646\u0627\u0621<\/strong><\/td>\n\u0644\u0627 \u062a\u0648\u062c\u062f \u0645\u062a\u0637\u0644\u0628\u0627\u062a<\/td>\n\u0628\u0646\u0627\u0621 \u0645\u0628\u0631\u0645\u062c \u0648\u0645\u062a\u0633\u0642<\/td>\n\u062e\u062f\u0645\u0629 \u0628\u0646\u0627\u0621 \u0645\u0633\u062a\u0636\u0627\u0641\u0629<\/td>\n\u0628\u0646\u0627\u0629 \u0645\u0639\u0632\u0648\u0644\u0648\u0646 \u0648\u0645\u062d\u0635\u0646\u0648\u0646<\/td>\n<\/tr>\n
Provenance<\/strong><\/td>\n\u063a\u064a\u0631 \u0645\u0637\u0644\u0648\u0628<\/td>\n\u0645\u0648\u062c\u0648\u062f \u0648\u0645\u062a\u0627\u062d<\/td>\n\u0645\u0648\u062b\u0642 \u0648\u0645\u0648\u0644\u062f \u0645\u0646 \u0627\u0644\u062e\u062f\u0645\u0629<\/td>\n\u063a\u064a\u0631 \u0642\u0627\u0628\u0644 \u0644\u0644\u062a\u0632\u0648\u064a\u0631\u060c \u062a\u0648\u0642\u064a\u0639 \u0645\u0639\u0632\u0648\u0644<\/td>\n<\/tr>\n
\u0645\u0648\u0642\u0651\u0639 Provenance<\/strong><\/td>\n\u063a\u064a\u0631 \u0645\u062a\u0627\u062d<\/td>\n\u0627\u0644\u0645\u0637\u0648\u0631 \u0623\u0648 CI<\/td>\n\u062e\u062f\u0645\u0629 \u0627\u0644\u0628\u0646\u0627\u0621 \u0646\u0641\u0633\u0647\u0627<\/td>\n\u062e\u062f\u0645\u0629 \u0628\u0646\u0627\u0621 \u0645\u062d\u0635\u0646\u0629<\/td>\n<\/tr>\n
\u0627\u0644\u062d\u0645\u0627\u064a\u0629 \u0645\u0646 \u0627\u0644\u0639\u0628\u062b<\/strong><\/td>\n\u0644\u0627 \u062a\u0648\u062c\u062f<\/td>\n\u0627\u0644\u0623\u062e\u0637\u0627\u0621 \u0648\u0627\u0644\u062a\u0648\u062b\u064a\u0642<\/td>\n\u0627\u0644\u0639\u0628\u062b \u0628\u0639\u062f \u0627\u0644\u0628\u0646\u0627\u0621<\/td>\n\u0627\u0644\u0639\u0628\u062b \u0623\u062b\u0646\u0627\u0621 \u0648\u0628\u0639\u062f \u0627\u0644\u0628\u0646\u0627\u0621<\/td>\n<\/tr>\n
\u062c\u0647\u062f \u0627\u0644\u062a\u0628\u0646\u064a<\/strong><\/td>\n\u0635\u0641\u0631<\/td>\n\u0645\u0646\u062e\u0641\u0636 \u2014 \u0633\u0627\u0639\u0627\u062a \u0625\u0644\u0649 \u0623\u064a\u0627\u0645<\/td>\n\u0645\u062a\u0648\u0633\u0637 \u2014 \u0623\u064a\u0627\u0645 \u0625\u0644\u0649 \u0623\u0633\u0627\u0628\u064a\u0639<\/td>\n\u0645\u0631\u062a\u0641\u0639 \u2014 \u0623\u0633\u0627\u0628\u064a\u0639 \u0625\u0644\u0649 \u0623\u0634\u0647\u0631<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n

\u0645\u0633\u062a\u0648\u0649 \u0627\u0644\u0628\u0646\u0627\u0621 0 \u2014 \u0646\u0642\u0637\u0629 \u0627\u0644\u0628\u062f\u0627\u064a\u0629 (\u0628\u062f\u0648\u0646 \u0636\u0645\u0627\u0646\u0627\u062a)<\/h2>\n

Build L0 \u0644\u064a\u0633 \u0645\u0633\u062a\u0648\u0649 \u0641\u0639\u0644\u064a\u0627\u064b \u2014 \u0625\u0646\u0647 \u063a\u064a\u0627\u0628 \u0623\u064a compliance \u0645\u0639 SLSA. \u0643\u0644 \u0645\u0634\u0631\u0648\u0639 \u0628\u0631\u0645\u062c\u064a \u064a\u0628\u062f\u0623 \u0647\u0646\u0627 \u0628\u0634\u0643\u0644 \u0627\u0641\u062a\u0631\u0627\u0636\u064a.<\/p>\n

\u0645\u0627\u0630\u0627 \u064a\u0639\u0646\u064a \u0630\u0644\u0643 \u0628\u0644\u063a\u0629 \u0628\u0633\u064a\u0637\u0629<\/h3>\n

\u0644\u064a\u0633 \u0644\u062f\u064a\u0643 \u0623\u064a \u0645\u062a\u0637\u0644\u0628\u0627\u062a \u0631\u0633\u0645\u064a\u0629. \u0642\u062f \u062a\u062a\u0645 \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0628\u0646\u0627\u0621 \u0639\u0644\u0649 \u062d\u0627\u0633\u0648\u0628 \u0627\u0644\u0645\u0637\u0648\u0631 \u0627\u0644\u0645\u062d\u0645\u0648\u0644\u060c \u0628\u062f\u0648\u0646 \u0623\u064a \u0633\u062c\u0644 \u0644\u0645\u0635\u062f\u0631 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0623\u0648 \u0627\u0644\u0623\u0648\u0627\u0645\u0631 \u0627\u0644\u062a\u064a \u0646\u064f\u0641\u0630\u062a \u0623\u0648 \u0645\u0627 \u062a\u0645 \u0625\u0646\u062a\u0627\u062c\u0647. \u0644\u0627 \u064a\u0648\u062c\u062f \u0645\u0633\u062a\u0646\u062f provenance. \u0644\u0627 \u064a\u0648\u062c\u062f \u0634\u064a\u0621 \u0644\u0644\u062a\u062d\u0642\u0642 \u0645\u0646\u0647.<\/p>\n

\u0642\u0627\u0626\u0645\u0629 \u0627\u0644\u062a\u062d\u0642\u0642<\/h3>\n