The Software Supply Chain Levels for Software Artifacts (SLSA) is a security framework developed in response to large-scale attacks on digital infrastructure, such as the SolarWinds hack. It aims to secure software build pipelines and supply chains. Pronounced "salsa", it is an open-source framework that provides a structured approach to fortifying software supply chains against threats and is designed to adapt to emerging risks. SLSA, stewarded by the Open Source Security Foundation, offers documentation, automated tools, and guidelines for evaluating the security levels of software artifacts. These are organized into tracks and levels, with the "Build" track being the current focus.

The framework emphasizes core principles such as minimizing platform use, prioritizing code over individuals for trust, and preferring attestations over inferences. Companies can use SLSA to assess internal infrastructures and audit software vendors, though participation is voluntary and lacks formal certification.

SLSA addresses threats like build process compromises and malicious artifact injections, and future versions plan to include more comprehensive protective measures. Adoption involves educating stakeholders, evaluating current systems, and implementing automated verification tools, with resources like Buildkite aiding compliance.
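The principle of preferring attestations over inferences, together with the automated verification step in adoption, shown as an added example (not code from the page or from the SLSA project): a policy check over an in-toto statement carrying SLSA v1 provenance. The statement, artifact bytes, builder ID, repository URL and the `repository` parameter name are constructed for illustration, and the signature on the envelope wrapping the statement is assumed to have been verified before this check runs.

```python
import hashlib

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
PROVENANCE_TYPE = "https://slsa.dev/provenance/v1"

# Constructed policy: the builder and source repository this consumer trusts.
TRUSTED_BUILDERS = {"https://builder.example/trusted-ci/v1"}
EXPECTED_REPO = "https://git.example/org/app"


def verify_provenance(statement, artifact, expected_repo=EXPECTED_REPO):
    """Return a list of policy failures; an empty list means the artifact passes."""
    failures = []
    if statement.get("_type") != STATEMENT_TYPE:
        failures.append("not an in-toto v1 statement")
    if statement.get("predicateType") != PROVENANCE_TYPE:
        failures.append("predicate is not SLSA provenance v1")

    # The attestation must name this exact artifact by digest, not by file name.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = statement.get("subject") or []
    if not any(s.get("digest", {}).get("sha256") == digest for s in subjects):
        failures.append("artifact digest not listed in subject")

    # Trust comes from the attested builder identity, not from where the file was found.
    predicate = statement.get("predicate") or {}
    builder = predicate.get("runDetails", {}).get("builder", {}).get("id")
    if builder not in TRUSTED_BUILDERS:
        failures.append(f"untrusted builder: {builder!r}")

    # externalParameters is build-type specific; "repository" is an assumed key.
    params = predicate.get("buildDefinition", {}).get("externalParameters", {})
    if params.get("repository") != expected_repo:
        failures.append("built from unexpected repository")
    return failures


# Constructed sample artifact and provenance statement.
ARTIFACT = b"constructed release tarball bytes"
SAMPLE = {
    "_type": STATEMENT_TYPE,
    "subject": [{"name": "app.tar.gz",
                 "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}],
    "predicateType": PROVENANCE_TYPE,
    "predicate": {
        "buildDefinition": {"buildType": "https://builder.example/build-type/v1",
                            "externalParameters": {"repository": EXPECTED_REPO}},
        "runDetails": {"builder": {"id": "https://builder.example/trusted-ci/v1"}},
    },
}
```

A consumer would run this as a gate before deployment and reject any artifact for which the returned list is not empty.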