Verifiable Blockchain Deployments with SLSA
Secure your smart contracts and frontend deployments with verifiable provenance and GitHub-based signing.
This documentation section demonstrates how to apply the SLSA framework to blockchain development — from smart contracts to on-chain static sites using Walrus.
Why It Matters
In Web3, it's critical to prove that the code you deployed is exactly the code you built.
With the combination of:
- SLSA (Supply-chain Levels for Software Artifacts)
- Sigstore-based GitHub provenance
- Walrus Sites for decentralized hosting
- And tools like GitSigner and Notary
You can now deliver fully verifiable and tamper-proof deployments — both frontend and smart contract.
What You’ll Find Here
This section includes:
SLSA on Blockchain
Overview of how SLSA can be applied to Web3 workflows and smart contract provenance.Walrus Sites Provenance
Step-by-step guide to deploying static sites to the Sui blockchain with full SLSA-backed provenance.Notary Frontend
A live verifier UI (notary.wal.app) that checks.intoto.jsonl
, file hashes, and GitHub signatures.
All tools in this section are designed to interoperate.
You can deploy with walrus-sites-provenance, then verify with notary.wal.app.