tldr - powered by Generative AI

• Salsa is an emerging standard that puts many requirements on the table for supply chain security implementation
• Compliance-driven implementation of the framework may result in minimal value and negotiation with suppliers is necessary
• Provenance documents can be built from APIs and log files to avoid opening up all pipelines
• Level three of Salsa promises better protection from developer workstations and adjacent build systems
• Strongly authenticated actors and retention of sources indefinitely are challenging requirements to comply with
• The Salsa standard provides solutions but they are hard to implement and may result in loss of accreditation