GRC Store

Search / openssf/osps-baseline-to-slsa / v0.0.0-dev-671f23f

Release · v0.0.0-dev-671f23f

openssf/osps-baseline-to-slsa Mapping Document

openssf/osps-baseline-to-slsa

Cross-walk from the Open Source Project Security (OSPS) Baseline controls to SLSA. Each mapping asserts a "relates-to" relationship; strength, confidence-level, and rationale are left unset and should be added as the mappings are individually reviewed.

Published by OSPS Baseline Authors

Install

OCI v1.1
$grcli unpack --repository openssf/osps-baseline-to-slsa --tag v0.0.0-dev-671f23f
Coordinate
oci.grc.store/openssf/osps-baseline-to-slsa:v0.0.0-dev-671f23f
Manifest digest
sha256:fa634e20ba109eddcc8341d1dcd162e9d4b80165c7255f8691c3634a68a29e9c

Provenance

1 layer
Digest Media type Size
d473db9efd65… application/vnd.gemara.artifact.v1+yaml 3.0 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "osps-baseline-to-slsa",
            "type": "MappingDocument"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "openssf/osps-baseline-to-slsa",
            "tag": "v0.0.0-dev-671f23f"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/security-baseline",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26617016306",
          "GITHUB_SHA": "671f23f015e4b0f6108ab8f82f0eba7f89d55dce",
          "GITHUB_WORKFLOW": "Publish to grc.store",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "/home/runner/work/_temp/staged/osps-to-slsa.yaml",
            "uri": "file:///home/runner/work/_temp/staged/osps-to-slsa.yaml",
            "digest": {
              "sha256": "d473db9efd65aa7dcc0363ebd5be1f0e8be691e640c81177106a2aad82b21534"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/security-baseline@671f23f015e4b0f6108ab8f82f0eba7f89d55dce",
            "digest": {
              "gitCommit": "671f23f015e4b0f6108ab8f82f0eba7f89d55dce"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/security-baseline/actions/runs/26617016306",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26617016306-1",
          "startedOn": "2026-05-29T03:57:20.603726446Z",
          "finishedOn": "2026-05-29T03:57:20.682909678Z"
        },
        "byproducts": [
          {
            "name": "osps-to-slsa.yaml",
            "digest": {
              "sha256": "d473db9efd65aa7dcc0363ebd5be1f0e8be691e640c81177106a2aad82b21534"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "osps-to-slsa.yaml",
      "type": "MappingDocument",
      "id": "osps-baseline-to-slsa",
      "role": "artifact"
    }
  ]
}

Renderer not enabled

A renderer for MappingDocument is not yet supported in this UI. The artifact is published and pullable via the coordinate above.