Verifiable Blockchain Deployments with SLSA

Secure your smart contracts and frontend deployments with verifiable provenance and GitHub-based signing.

This documentation section demonstrates how to apply the SLSA framework to blockchain development — from smart contracts to on-chain static sites using Walrus.

Why It Matters

In Web3, it's critical to prove that the code you deployed is exactly the code you built.
With the combination of:

• SLSA (Supply-chain Levels for Software Artifacts)
• Sigstore-based GitHub provenance
• Walrus Sites for decentralized hosting
• And tools like GitSigner and Notary

You can now deliver fully verifiable and tamper-proof deployments — both frontend and smart contract.

What You’ll Find Here

This section includes:

• SLSA on Blockchain
  Overview of how SLSA can be applied to Web3 workflows and smart contract provenance.

• Walrus Sites Provenance
  Step-by-step guide to deploying static sites to the Sui blockchain with full SLSA-backed provenance.

• Notary Frontend
  A live verifier UI (notary.wal.app) that checks .intoto.jsonl, file hashes, and GitHub signatures.

All tools in this section are designed to interoperate.
You can deploy with walrus-sites-provenance, then verify with notary.wal.app.