SLSA Explained For Beginners
Attackers rarely target production systems first. Instead, they target the software supply chain.
When your CI pipeline builds an image and pushes it to your registry, how do you know that image actually came from your source code?
For most teams, there is no way to prove it. Everyone just trusts the image build pipeline.
Attackers make use of this trust and compromise the build system rather than attacking a hardened production cluster.
We have seen this happen multiple times.
The TanStack npm attack (2026)
The SolarWinds attack (2020)
The tj-actions GitHub Actions compromise (2025), and more.
In all these cases, attackers targeted the build and delivery process rather than the application itself.
This is exactly the problem SLSA is designed to solve.
SLSA helps answer important questions such as:
Was the image built from the expected source code?
Was it built on a trusted CI platform and not on someone’s laptop?
Was the build process tampered with?
Can we verify where the artifact came from?
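As an added example (not code from the original post), here is a small Python policy check that turns the first three questions above into concrete checks against a SLSA v1 provenance statement: does the provenance describe this exact image digest, was it produced by the builder we trust, and was it built from the expected repository and branch. The sample statement, the repository, the digests and the builder ID are constructed values, and verifying the attestation's signature is assumed to have been done by the caller before this check runs.

```python
import json

# Constructed sample: an in-toto statement carrying SLSA v1 provenance for one image.
SAMPLE_PROVENANCE = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "predicateType": "https://slsa.dev/provenance/v1",
    "subject": [{"name": "ghcr.io/example/app", "digest": {"sha256": "a" * 64}}],
    "predicate": {
        "buildDefinition": {
            "externalParameters": {"workflow": {
                "repository": "https://github.com/example/app",
                "ref": "refs/heads/main"}},
            "resolvedDependencies": [{
                "uri": "git+https://github.com/example/app@refs/heads/main",
                "digest": {"gitCommit": "b" * 40}}],
        },
        "runDetails": {"builder": {"id": (
            "https://github.com/slsa-framework/slsa-github-generator/"
            ".github/workflows/generator_container_slsa3.yml@refs/tags/v2.0.0")}},
    },
})

# Policy (hypothetical values): the only builder, repository and branch we accept.
TRUSTED_BUILDER_PREFIX = "https://github.com/slsa-framework/slsa-github-generator/"
EXPECTED_REPO = "https://github.com/example/app"
EXPECTED_REF = "refs/heads/main"


def verify_provenance(statement_json, image_digest):
    """Return the list of policy failures; an empty list means the image passes.
    Assumes the attestation signature was already verified by the caller."""
    failures = []
    st = json.loads(statement_json)
    if st.get("predicateType") != "https://slsa.dev/provenance/v1":
        failures.append("unexpected predicateType")
    # 1. Does this provenance actually describe the image we are about to deploy?
    digests = {s.get("digest", {}).get("sha256") for s in st.get("subject", [])}
    if image_digest not in digests:
        failures.append("subject digest does not match image")
    pred = st.get("predicate", {})
    # 2. Was it built on the trusted CI builder rather than an arbitrary machine?
    builder = pred.get("runDetails", {}).get("builder", {}).get("id", "")
    if not builder.startswith(TRUSTED_BUILDER_PREFIX):
        failures.append("untrusted builder: " + (builder or "<none>"))
    # 3. Was it built from the expected repository and branch?
    wf = pred.get("buildDefinition", {}).get("externalParameters", {}).get("workflow", {})
    if wf.get("repository") != EXPECTED_REPO or wf.get("ref") != EXPECTED_REF:
        failures.append("source repository/ref does not match policy")
    return failures
```

An admission controller would run the same three checks on every image before it is scheduled; an empty failure list is the condition for admitting the workload.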
We have a deep-dive guide covering the following:
What is SLSA
What is SLSA provenance
SLSA trust levels
How to implement SLSA in your CI/CD pipeline
Verifying provenance in Kubernetes with admission policies
Real supply chain attacks (Case studies)
Read: SLSA Explained - A Practical Guide to Software Supply Chain Security