Review the SLSA v1.0 specification so you know what each Build level requires: L1 requires that provenance exists (in any format); L2 requires that the provenance is signed and hosted on a tamper-resistant service; L3 requires that the build runs on a hardened, isolated platform with additional isolation guarantees
For L1: add a simple step that generates and records build metadata (timestamp, source ref, builder); no signing required
For L2: use slsa-github-generator or an equivalent builder that signs provenance with a short-lived OIDC-bound key and publishes it to a transparency log
For L3: use the slsa-github-generator reusable workflow, which runs in an isolated GitHub-hosted runner with restricted token scope — or use Google Cloud Build with SLSA support
Document which level each artifact type achieves and track those levels in your software security posture management tooling
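As an added example (not part of the original checklist, and not code from the SLSA project or slsa-github-generator), the following Python script shows what the L1 step above amounts to in practice: it emits an unsigned SLSA v1.0 provenance statement in the in-toto Statement v1 envelope, recording the subject digest, source, builder id and timestamps, and it includes the minimal consumer-side checks (required fields present, artifact in hand hashes to a listed subject). The buildType URI, builder id, source URI and commit are constructed placeholders, and the `l1_problems` field list is this example's own minimal shape check, not the spec's full conformance criteria. Signing and a hardened builder, which L2 and L3 require, are deliberately out of scope here.

```python
import hashlib
import json
import uuid
from datetime import datetime, timezone

# Identifiers fixed by the in-toto attestation and SLSA v1.0 provenance specs.
IN_TOTO_STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
SLSA_PROVENANCE_V1 = "https://slsa.dev/provenance/v1"

# Hypothetical buildType URI (assumption): in a real pipeline this points at
# documentation of what externalParameters/internalParameters mean for your builder.
HYPOTHETICAL_BUILD_TYPE = "https://example.invalid/build-types/make-release/v1"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def utc_now_rfc3339() -> str:
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_l1_provenance(artifact_name, artifact_bytes, source_uri, source_commit,
                        builder_id, started_on=None, finished_on=None):
    """Return an unsigned SLSA v1.0 provenance statement for one artifact.

    Build L1 only needs this document to exist and to name the builder, the
    source, and the subject digest; signing (L2) and a hardened, isolated
    builder (L3) are separate requirements not addressed here.
    """
    started_on = started_on or utc_now_rfc3339()
    finished_on = finished_on or started_on
    source = {"uri": source_uri, "digest": {"gitCommit": source_commit}}
    return {
        "_type": IN_TOTO_STATEMENT_TYPE,
        "subject": [{"name": artifact_name,
                     "digest": {"sha256": sha256_hex(artifact_bytes)}}],
        "predicateType": SLSA_PROVENANCE_V1,
        "predicate": {
            "buildDefinition": {
                "buildType": HYPOTHETICAL_BUILD_TYPE,
                "externalParameters": {"source": source},
                "internalParameters": {},
                "resolvedDependencies": [source],
            },
            "runDetails": {
                "builder": {"id": builder_id},
                "metadata": {
                    "invocationId": str(uuid.uuid4()),
                    "startedOn": started_on,
                    "finishedOn": finished_on,
                },
            },
        },
    }


def l1_problems(statement: dict) -> list:
    """Return the shape problems found; an empty list means the statement
    carries the fields a consumer needs to tie artifact to builder and source."""
    problems = []
    if statement.get("_type") != IN_TOTO_STATEMENT_TYPE:
        problems.append("not an in-toto v1 Statement")
    if statement.get("predicateType") != SLSA_PROVENANCE_V1:
        problems.append("predicateType is not SLSA provenance v1")
    subjects = statement.get("subject") or []
    if not subjects or any("sha256" not in s.get("digest", {}) for s in subjects):
        problems.append("every subject needs a sha256 digest")
    predicate = statement.get("predicate", {})
    if not predicate.get("buildDefinition", {}).get("buildType"):
        problems.append("buildDefinition.buildType missing")
    if not predicate.get("runDetails", {}).get("builder", {}).get("id"):
        problems.append("runDetails.builder.id missing")
    return problems


def subject_matches(statement: dict, artifact_name: str, artifact_bytes: bytes) -> bool:
    """Consumer-side check: the artifact in hand must hash to a listed subject digest."""
    want = sha256_hex(artifact_bytes)
    return any(s.get("name") == artifact_name
               and s.get("digest", {}).get("sha256") == want
               for s in statement.get("subject", []))


if __name__ == "__main__":
    # Constructed sample inputs; not a real release, repository or commit.
    artifact = b"fake release tarball bytes"
    stmt = build_l1_provenance(
        artifact_name="app-1.2.3.tar.gz",
        artifact_bytes=artifact,
        source_uri="git+https://example.invalid/org/app@refs/tags/v1.2.3",
        source_commit="0123456789abcdef0123456789abcdef01234567",
        builder_id="https://example.invalid/builders/ci-runner/v1",
    )
    print(json.dumps(stmt, indent=2))
    print("L1 problems:", l1_problems(stmt))
    print("subject matches:", subject_matches(stmt, "app-1.2.3.tar.gz", artifact))
```

Because the statement is unsigned, a consumer can only check that it is well-formed and that the digest matches; nothing here prevents the file from being rewritten after the build, which is exactly the gap the L2 signing and hosted-service requirements close. Writing the JSON next to the artifact (or attaching it as a CI build artifact) is enough to claim L1 for that artifact type.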
Known gotchas
SLSA levels are per-artifact, not per-organization; an org can achieve L3 for container images and L1 for internal scripts simultaneously
SLSA v0.1 levels (1–4) are superseded by v1.0 levels (1–3); tooling and documentation may reference either version, so confirm which spec version a given tool targets
Achieving L3 on GitHub Actions requires using the official reusable workflows without modification; adding or customizing build steps in the same job downgrades the effective level