@prefix IAO: <http://purl.obolibrary.org/obo/IAO_> .
@prefix dcterms: <http://purl.org/dc/terms/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix pkg: <https://purl.org/packagegraph/ontology/core#> .
@prefix prov: <http://www.w3.org/ns/prov#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix sec: <https://purl.org/packagegraph/ontology/security#> .
@prefix slsa: <https://purl.org/packagegraph/ontology/slsa#> .
@prefix vcs: <https://purl.org/packagegraph/ontology/vcs#> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .

# The four named individuals of slsa:BuildLevel (L0 through L3).
# This file declares no ordering between them and no owl:differentFrom /
# owl:AllDifferent axiom, so a policy such as "at least L2" has to list the
# acceptable individuals explicitly; a reasoner will not derive it.
#
# NOTE(review): L0 is defined as "no provenance attestation exists", while
# slsa:attestsBuildLevel has domain slsa:ProvenanceAttestation. Confirm how an
# artifact without provenance is meant to be represented.
slsa:L0 a owl:NamedIndividual,
        slsa:BuildLevel ;
    rdfs:label "SLSA L0"@en ;
    IAO:0000115 "SLSA Build Level 0: no provenance attestation exists. The artifact has no supply chain integrity guarantees."@en ;
    rdfs:comment "No SLSA guarantees — no provenance"@en .

# NOTE(review): the L1 definition does not say the provenance must be signed.
# Consumers should not treat an L1 attestation as authenticated on the
# strength of the level alone.
slsa:L1 a owl:NamedIndividual,
        slsa:BuildLevel ;
    rdfs:label "SLSA L1"@en ;
    IAO:0000115 "SLSA Build Level 1: provenance attestation exists, indicating the build process is documented. The provenance may be generated by the build system itself."@en ;
    rdfs:comment "Provenance exists — the build process is documented"@en .

# L2: provenance comes from a hosted build service rather than from the build
# itself.
slsa:L2 a owl:NamedIndividual,
        slsa:BuildLevel ;
    rdfs:label "SLSA L2"@en ;
    IAO:0000115 "SLSA Build Level 2: provenance is generated by a hosted build service with tamper-resistant provenance generation. The build runs on a managed platform."@en ;
    rdfs:comment "Hosted build — provenance generated by a hosted build service"@en .

# L3: isolated, ephemeral builds. The matching boolean flags are
# slsa:isIsolated and slsa:isEphemeral on slsa:BuildEnvironment; no axiom in
# this file ties those flags to an L3 claim.
slsa:L3 a owl:NamedIndividual,
        slsa:BuildLevel ;
    rdfs:label "SLSA L3"@en ;
    IAO:0000115 "SLSA Build Level 3: builds are executed in isolated, ephemeral environments with hardened infrastructure. Provenance is non-falsifiable by the build service tenants."@en ;
    rdfs:comment "Hardened builds — isolated, ephemeral build environments"@en .

# Digest of the artifact a provenance attestation covers, stored as a plain
# xsd:string. The definition's example uses an "algorithm:hex" form.
# Not declared owl:FunctionalProperty, so one attestation may carry several
# digests.
# NOTE(review): the range does not constrain the algorithm prefix, hex length
# or letter case. Normalise values before comparing them, and check whether
# the shapes graph referenced from the ontology header enforces a format.
slsa:attestationDigest a owl:DatatypeProperty ;
    rdfs:label "attestation digest"@en ;
    IAO:0000115 "A cryptographic digest (e.g., sha256:abc123) identifying the specific artifact this attestation covers."@en ;
    rdfs:comment "The cryptographic digest of the attested artifact"@en ;
    rdfs:domain slsa:ProvenanceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:string .

# Links a slsa:ProvenanceAttestation to the pkg:BuildActivity it documents.
# Declared a sub-property of prov:wasDerivedFrom, so every such link is also a
# PROV derivation edge from the attestation to the build activity.
slsa:attestsBuildActivity a owl:ObjectProperty ;
    rdfs:label "attests build activity"@en ;
    IAO:0000115 "Associates a provenance attestation with the specific build activity whose provenance it documents."@en ;
    rdfs:comment "Links a provenance attestation to the build activity it documents"@en ;
    rdfs:domain slsa:ProvenanceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range pkg:BuildActivity ;
    rdfs:subPropertyOf prov:wasDerivedFrom .

# Free-form reference (xsd:string) to the container or base OS image of a
# slsa:BuildEnvironment.
# NOTE(review): a tag-style image reference can be re-pointed to different
# content over time. When the exact image matters, rely on
# slsa:buildImageDigest rather than on this value.
slsa:buildImage a owl:DatatypeProperty ;
    rdfs:label "build image"@en ;
    IAO:0000115 "The container image reference or base operating system image used to create the build environment."@en ;
    rdfs:comment "The container image or base system used for the build"@en ;
    rdfs:domain slsa:BuildEnvironment ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:string .

# Digest pinning the exact build image, stored as a plain xsd:string.
# NOTE(review): no digest format is fixed here (algorithm prefix, encoding);
# confirm the convention matches slsa:attestationDigest.
slsa:buildImageDigest a owl:DatatypeProperty ;
    rdfs:label "build image digest"@en ;
    IAO:0000115 "A cryptographic digest uniquely identifying the exact build image version used."@en ;
    rdfs:comment "The cryptographic digest of the build image"@en ;
    rdfs:domain slsa:BuildEnvironment ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:string .

# Version identifier of a slsa:Builder, stored as an unconstrained xsd:string.
# Not functional, so several version strings may be attached to one builder.
slsa:builderVersion a owl:DatatypeProperty ;
    rdfs:label "builder version"@en ;
    IAO:0000115 "The version identifier of the build platform or service used."@en ;
    rdfs:comment "The version of the build platform"@en ;
    rdfs:domain slsa:Builder ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:string .

# Links a pkg:BuildActivity to the slsa:Builder that executed it.
# Declared a sub-property of prov:wasAssociatedWith, which fits slsa:Builder
# being a prov:Agent.
slsa:builtBy a owl:ObjectProperty ;
    rdfs:label "built by"@en ;
    IAO:0000115 "Associates a build activity with the specific builder (CI/CD platform or build service) that executed it."@en ;
    rdfs:comment "Links a build activity to the builder that performed it"@en ;
    rdfs:domain pkg:BuildActivity ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range slsa:Builder ;
    rdfs:subPropertyOf prov:wasAssociatedWith .

# Links a pkg:Package to a slsa:ProvenanceAttestation. Not functional, so a
# package may have several attestations.
# NOTE(review): the presence of this link only says an attestation was
# recorded. Whether its signature was checked is carried separately by
# slsa:verificationStatus, so queries for "packages with provenance" should
# filter on that as well.
slsa:hasProvenance a owl:ObjectProperty ;
    rdfs:label "has provenance"@en ;
    IAO:0000115 "Associates a package with a SLSA provenance attestation documenting its build provenance."@en ;
    rdfs:comment "Links a package to its SLSA provenance attestation"@en ;
    rdfs:domain pkg:Package ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range slsa:ProvenanceAttestation .

# Links a slsa:ProvenanceAttestation to the slsa:SourceAttestation describing
# where the built source came from. Not functional; no cardinality
# restriction on slsa:ProvenanceAttestation requires it.
slsa:hasSourceAttestation a owl:ObjectProperty ;
    rdfs:label "has source attestation"@en ;
    IAO:0000115 "Associates a provenance attestation with the source attestation documenting the origin of the source code."@en ;
    rdfs:comment "Links a provenance attestation to its source attestation"@en ;
    rdfs:domain slsa:ProvenanceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range slsa:SourceAttestation .

# Links a slsa:SourceAttestation to the vcs:Commit used as build input.
# vcs:Commit is not defined in this file; the vcs: ontology is pulled in
# through owl:imports in the ontology header.
slsa:hasSourceCommit a owl:ObjectProperty ;
    rdfs:label "has source commit"@en ;
    IAO:0000115 "Associates a source attestation with the specific VCS commit that was used as the source for the build."@en ;
    rdfs:comment "Links a source attestation to the specific commit used"@en ;
    rdfs:domain slsa:SourceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range vcs:Commit .

# Links a slsa:SourceAttestation to the vcs:Repository the source came from.
# This is the graph-traversable replacement that the deprecated
# slsa:sourceRepository datatype property points to.
slsa:hasSourceVcsRepository a owl:ObjectProperty ;
    rdfs:label "has source VCS repository"@en ;
    IAO:0000115 "Associates a source attestation with the version control repository from which the source was obtained."@en ;
    rdfs:comment "Links a source attestation to the VCS repository"@en ;
    rdfs:domain slsa:SourceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range vcs:Repository .

# Boolean flag on slsa:BuildEnvironment: the environment was created for one
# build and destroyed afterwards.
# NOTE(review): under OWL's open-world reading a missing value is "unknown",
# not false. Policy queries should require an explicit true rather than the
# absence of false.
slsa:isEphemeral a owl:DatatypeProperty ;
    rdfs:label "is ephemeral"@en ;
    IAO:0000115 "Indicates whether the build environment was ephemeral — created fresh for the build and destroyed afterward, preventing cross-build contamination."@en ;
    rdfs:comment "Whether the build environment was ephemeral (destroyed after use)"@en ;
    rdfs:domain slsa:BuildEnvironment ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:boolean .

# Boolean flag on slsa:BuildEnvironment: the environment was isolated from
# other build tenants.
# NOTE(review): nothing in this file links this flag (or slsa:isEphemeral) to
# an attested slsa:L3 level, so a graph can assert L3 while these flags are
# false or absent. Cross-check both when evaluating an L3 claim.
slsa:isIsolated a owl:DatatypeProperty ;
    rdfs:label "is isolated"@en ;
    IAO:0000115 "Indicates whether the build environment was isolated from other build tenants, preventing one build from influencing another."@en ;
    rdfs:comment "Whether the build environment was isolated from other tenants"@en ;
    rdfs:domain slsa:BuildEnvironment ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:boolean .

# in-toto predicate type URI of a slsa:ProvenanceAttestation (xsd:anyURI).
# Declared owl:FunctionalProperty: at most one predicate type per attestation.
# NOTE(review): the range accepts any URI. A consumer that only understands
# SLSA provenance should compare this value against the predicate types it
# supports before interpreting the rest of the attestation.
slsa:predicateType a owl:DatatypeProperty,
        owl:FunctionalProperty ;
    rdfs:label "predicate type"@en ;
    IAO:0000115 "The URI identifying the attestation predicate type, such as https://slsa.dev/provenance/v1 for SLSA provenance."@en ;
    rdfs:comment "The in-toto predicate type URI for this attestation"@en ;
    rdfs:domain slsa:ProvenanceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:anyURI .

# Serialized DSSE / in-toto signature envelope for the attestation, stored as
# an xsd:string.
# NOTE(review): the serialization (raw JSON, base64, ...) is not specified
# here. Storing a bundle does not by itself mean the signature was checked;
# that outcome is recorded separately in slsa:verificationStatus.
slsa:signatureBundle a owl:DatatypeProperty ;
    rdfs:label "signature bundle"@en ;
    IAO:0000115 "The serialized DSSE (Dead Simple Signing Envelope) or in-toto signature bundle containing the signed attestation."@en ;
    rdfs:comment "The DSSE or in-toto signature envelope for the attestation"@en ;
    rdfs:domain slsa:ProvenanceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:string .

# Digest of the source tree used in the build, stored as a plain xsd:string.
# NOTE(review): the definition does not fix how the tree is hashed (VCS object
# id, archive hash, ...) or the string format; confirm the convention before
# comparing values from different producers.
slsa:sourceDigest a owl:DatatypeProperty ;
    rdfs:label "source digest"@en ;
    IAO:0000115 "A cryptographic digest of the source code tree used in the build, for integrity verification."@en ;
    rdfs:comment "The cryptographic digest of the source"@en ;
    rdfs:domain slsa:SourceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:string .

# VCS reference (branch, tag or commit hash) of the built source, as a string.
# NOTE(review): branch and tag names can be moved to other commits, so of the
# three forms only a commit hash identifies an exact version. Prefer
# slsa:hasSourceCommit or slsa:sourceDigest when the exact source matters.
slsa:sourceRef a owl:DatatypeProperty ;
    rdfs:label "source ref"@en ;
    IAO:0000115 "The version control reference (branch name, tag, or commit hash) identifying the exact source code version used in the build."@en ;
    rdfs:comment "The VCS reference (branch, tag, or commit) of the source"@en ;
    rdfs:domain slsa:SourceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:string .

# Deprecated datatype property (owl:deprecated true) holding the repository
# URI as an xsd:anyURI literal. It is still defined, so existing data keeps
# validating; new data should use the object property
# slsa:hasSourceVcsRepository, as the definition below states.
slsa:sourceRepository a owl:DatatypeProperty ;
    rdfs:label "source repository"@en ;
    IAO:0000115 "DEPRECATED: The URI of the version control repository. Use slsa:hasSourceVcsRepository (ObjectProperty → vcs:Repository) for graph-traversable links."@en ;
    rdfs:comment "DEPRECATED: Use slsa:hasSourceVcsRepository for graph connectivity."@en ;
    rdfs:domain slsa:SourceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:anyURI ;
    owl:deprecated true .

# Boolean flag on slsa:SourceAttestation: the source change was reviewed by a
# second party before merge.
# NOTE(review): the ontology header says it models SLSA v1.0, which as
# published covers the Build track; two-party review belongs to the source
# requirements of other SLSA versions. Confirm which specification version
# this flag is meant to reflect.
# NOTE(review): a missing value means "unknown", not false. The file records
# neither who asserted the review nor what evidence backs it.
slsa:twoPartyReviewed a owl:DatatypeProperty ;
    rdfs:label "two-party reviewed"@en ;
    IAO:0000115 "Indicates whether the source code change underwent two-party review before being merged, as required for SLSA source requirements."@en ;
    rdfs:comment "Whether the source change was reviewed by a second party"@en ;
    rdfs:domain slsa:SourceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:boolean .

# Links a pkg:BuildActivity to the slsa:BuildEnvironment it ran in.
# Declared a sub-property of prov:used, which fits slsa:BuildEnvironment being
# a prov:Entity.
slsa:usedBuildEnvironment a owl:ObjectProperty ;
    rdfs:label "used build environment"@en ;
    IAO:0000115 "Associates a build activity with the build environment (container, VM, or bare metal) in which it executed."@en ;
    rdfs:comment "Links a build activity to the environment it ran in"@en ;
    rdfs:domain pkg:BuildActivity ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range slsa:BuildEnvironment ;
    rdfs:subPropertyOf prov:used .

# Outcome of checking the attestation signature. The definition names three
# values (verified, unverified, failed), but the range is plain xsd:string, so
# this file does not restrict the value to that set.
# Not declared functional, so one attestation can carry conflicting statuses.
# NOTE(review): this is a statement recorded by whoever populated the graph,
# not evidence. The file has no property for who verified, against which
# identity or key, or when. For trust decisions, treat a missing, unknown or
# duplicated status as "not verified", and check whether the shapes graph
# referenced from the ontology header enforces the value set.
slsa:verificationStatus a owl:DatatypeProperty ;
    rdfs:label "verification status"@en ;
    IAO:0000115 "The verification status of the attestation signature: verified, unverified, or failed."@en ;
    rdfs:comment "Whether the attestation signature has been verified"@en ;
    rdfs:domain slsa:ProvenanceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:string .

# Creation time of a slsa:ProvenanceAttestation (xsd:dateTime).
# Declared owl:FunctionalProperty, and slsa:ProvenanceAttestation additionally
# requires exactly one value through a cardinality restriction.
# NOTE(review): the definition does not say where the time comes from.
# Presumably it is the producer's own clock rather than a trusted timestamp;
# confirm before using it for freshness or ordering decisions.
slsa:attestationTimestamp a owl:DatatypeProperty,
        owl:FunctionalProperty ;
    rdfs:label "attestation timestamp"@en ;
    IAO:0000115 "The date and time when the provenance attestation was generated."@en ;
    rdfs:comment "When the attestation was created"@en ;
    rdfs:domain slsa:ProvenanceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:dateTime .

# Links a slsa:ProvenanceAttestation to a slsa:BuildLevel individual.
# slsa:ProvenanceAttestation requires exactly one value through a cardinality
# restriction.
# NOTE(review): the definition says the level the attestation "attests to",
# while the rdfs:comment says its "assessed" level. A level claimed by the
# producer and a level established by a verifier carry different trust, so
# confirm which one is stored here.
slsa:attestsBuildLevel a owl:ObjectProperty ;
    rdfs:label "attests build level"@en ;
    IAO:0000115 "Associates a provenance attestation with the SLSA build level it attests to."@en ;
    rdfs:comment "Links a provenance attestation to its assessed SLSA build level"@en ;
    rdfs:domain slsa:ProvenanceAttestation ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range slsa:BuildLevel .

# URI identifying a slsa:Builder (xsd:anyURI). Declared owl:FunctionalProperty,
# and slsa:Builder requires exactly one value.
# NOTE(review): this file has no property tying a builder ID to a signing
# identity or key, so the ID is only as trustworthy as the verification done
# outside the graph. Match it against an allow-list of expected builders
# rather than accepting any URI that is present.
slsa:builderId a owl:DatatypeProperty,
        owl:FunctionalProperty ;
    rdfs:label "builder ID"@en ;
    IAO:0000115 "A URI that uniquely identifies the build platform or service, such as https://github.com/actions/runner or https://koji.fedoraproject.org."@en ;
    rdfs:comment "The URI identifying the build platform"@en ;
    rdfs:domain slsa:Builder ;
    rdfs:isDefinedBy slsa: ;
    rdfs:range xsd:anyURI .

# Class for build platforms and services. A slsa:Builder is a prov:Agent and
# is restricted to exactly one slsa:builderId.
# NOTE(review): an OWL cardinality restriction is an axiom, not a validation
# rule. Under the open-world assumption a builder with no recorded builderId
# is not reported as an error, so rejecting such data would have to happen in
# a closed-world validator (presumably the shapes graph referenced from the
# ontology header; confirm).
slsa:Builder a owl:Class ;
    rdfs:label "Builder"@en ;
    IAO:0000115 "A build platform, CI/CD service, or build system that executes the build process and produces software artifacts, such as GitHub Actions, Koji, or OBS."@en ;
    rdfs:comment "A build platform or service that produces software artifacts"@en ;
    rdfs:isDefinedBy slsa: ;
    rdfs:subClassOf [ a owl:Restriction ;
            owl:cardinality 1 ;
            owl:onProperty slsa:builderId ],
        prov:Agent .

# Class describing where a build ran; modelled as a prov:Entity.
# It is the domain of slsa:buildImage, slsa:buildImageDigest, slsa:isEphemeral
# and slsa:isIsolated. None of those properties is required by a restriction
# here, so an environment node may carry no isolation information at all.
slsa:BuildEnvironment a owl:Class ;
    rdfs:label "Build Environment"@en ;
    IAO:0000115 "A description of the build environment including the operating system, toolchain, container image, and isolation properties used during a build activity."@en ;
    rdfs:comment "The environment in which a build was executed"@en ;
    rdfs:isDefinedBy slsa: ;
    rdfs:subClassOf prov:Entity .

# Class whose intended members are the individuals slsa:L0 through slsa:L3.
# The explicit rdfs:subClassOf owl:Thing adds nothing, since every OWL class
# is a subclass of owl:Thing.
# NOTE(review): the class is not closed with owl:oneOf, so any other resource
# typed as slsa:BuildLevel is accepted. Consumers should compare against the
# four known IRIs instead of trusting class membership.
slsa:BuildLevel a owl:Class ;
    rdfs:label "SLSA Build Level"@en ;
    IAO:0000115 "A specific SLSA build level (L0-L3) that classifies the supply chain security posture of a software artifact based on its build provenance, isolation, and verification properties."@en ;
    rdfs:comment "A SLSA build level indicating the degree of supply chain integrity"@en ;
    rdfs:isDefinedBy slsa: ;
    rdfs:subClassOf owl:Thing .

# Class for statements about the source that went into a build; modelled as a
# prov:Entity. It is the domain of slsa:hasSourceCommit,
# slsa:hasSourceVcsRepository, slsa:sourceDigest, slsa:sourceRef,
# slsa:twoPartyReviewed and the deprecated slsa:sourceRepository.
# NOTE(review): unlike slsa:ProvenanceAttestation, this class has no signature
# or verification-status property in this file. Confirm whether its
# trustworthiness is meant to derive from the provenance attestation that
# links to it.
slsa:SourceAttestation a owl:Class ;
    rdfs:label "Source Attestation"@en ;
    IAO:0000115 "A statement attesting to the integrity and provenance of the source code used in a build, including its version control origin, review status, and two-party review compliance."@en ;
    rdfs:comment "An attestation about the source code and its version control provenance"@en ;
    rdfs:isDefinedBy slsa: ;
    rdfs:subClassOf prov:Entity .

# Class for build provenance attestations; modelled as a prov:Entity and
# restricted to exactly one slsa:attestsBuildLevel and exactly one
# slsa:attestationTimestamp.
# NOTE(review): the definition calls the document "cryptographically signed",
# but no restriction here requires slsa:signatureBundle or
# slsa:verificationStatus, so an instance may carry neither.
# NOTE(review): this file does not declare the level individuals distinct, so
# an attestation given two different levels does not make the graph
# inconsistent. With cardinality 1, an OWL reasoner would infer that the two
# level individuals are the same resource. Detecting conflicting level claims
# therefore needs an explicit query or closed-world validation.
slsa:ProvenanceAttestation a owl:Class ;
    rdfs:label "Provenance Attestation"@en ;
    IAO:0000115 "A cryptographically signed document that attests to the build provenance of a software artifact, conforming to the in-toto attestation framework and SLSA provenance predicate."@en ;
    rdfs:comment "A signed statement about the provenance of a software artifact"@en ;
    rdfs:isDefinedBy slsa: ;
    rdfs:subClassOf [ a owl:Restriction ;
            owl:cardinality 1 ;
            owl:onProperty slsa:attestsBuildLevel ],
        [ a owl:Restriction ;
            owl:cardinality 1 ;
            owl:onProperty slsa:attestationTimestamp ],
        prov:Entity .

# Ontology header: version 0.7.0 (prior version 0.6.0), CC0 licence, imports
# the pkg:, sec: and vcs: ontologies. A companion shapes graph is referenced
# through rdfs:seeAlso.
# NOTE(review): the abstract says attestations link to pkg:DataSnapshot, but
# no property in this file has pkg:DataSnapshot as its domain or range.
# Confirm whether that link is defined elsewhere or is still missing.
# NOTE(review): sec: is imported, yet no term in this file uses it, and prov:
# terms are used without a direct import (presumably they arrive through one
# of the imported ontologies; confirm).
# NOTE(review): dcterms:abstract, dcterms:description and dcterms:title carry
# no language tag, unlike the other literals in this file.
slsa: a owl:Ontology ;
    rdfs:label "SLSA Supply Chain Security Ontology"@en ;
    dcterms:abstract "The SLSA ontology models supply chain provenance according to the SLSA v1.0 specification. It provides classes for provenance attestations, build environments, and SLSA level compliance, grounded in PROV-O. Attestations link to pkg:BuildActivity and pkg:DataSnapshot, enabling SPARQL queries such as finding all packages with SLSA L3 provenance or identifying packages built on unattested infrastructure." ;
    dcterms:created "2026-04-13"^^xsd:date ;
    dcterms:creator <https://packagegraph.github.io/> ;
    dcterms:description "Models SLSA provenance attestations, build levels, builder identity, and source-to-artifact verification chains for software supply chain security." ;
    dcterms:license <https://creativecommons.org/publicdomain/zero/1.0/> ;
    dcterms:modified "2026-04-21"^^xsd:date ;
    dcterms:title "SLSA Supply Chain Security Ontology" ;
    rdfs:comment "Ontology for representing SLSA (Supply-chain Levels for Software Artifacts) provenance attestations, build levels, and supply chain verification metadata"@en ;
    rdfs:isDefinedBy slsa: ;
    rdfs:seeAlso <https://purl.org/packagegraph/ontology/slsa/shapes> ;
    owl:imports pkg:,
        sec:,
        vcs: ;
    owl:priorVersion <https://purl.org/packagegraph/ontology/slsa/0.6.0> ;
    owl:versionIRI <https://purl.org/packagegraph/ontology/slsa/0.7.0> ;
    owl:versionInfo "0.7.0" .

