SUSE® Rancher Prime, Kubewarden, and RKE2 are SLSA Level 3 Compliant – Why Enterprises want SLSA 3

SUSE® Rancher Prime, Kubewarden, and RKE2 are SLSA Level 3 Compliant – Why Enterprises want SLSA 3

At SUSE, security is more than a priority – it’s a fundamental part of everything we do. That’s why we’re proud to announce that SUSE® Rancher Prime 2.10.1, our Admission Policy Manager, and RKE2 all achieved SLSA Level 3 (Supply-chain Levels for Software Artifacts) compliance – available exclusively to SUSE Rancher Prime customers.

You might be wondering, what’s SLSA Level 3, and why do enterprises care so much? Let’s break it down and explore what this means for your Kubernetes workloads.

What is SLSA?

SLSA (pronounced “salsa”) is an industry-wide security framework aimed at ensuring software is delivered with integrity and is resistant to tampering. It’s structured across three levels, with each level representing a higher standard of software supply chain security.

Level 3 means:

• Your software includes a proven and auditable build process, making it easy to trace the origins of every artifact.
• Build systems are hardened to prevent unauthorized access or tampering.
• There’s a robust chain of trust for all source code, dependencies and the generated artefacts.

In simpler terms, this certification tells you: “Yes, this software was built securely, and you can trust it.”

So, What’s New?

SUSE® Rancher Prime

Rancher has always been the go-to platform for managing Kubernetes clusters. With SLSA Level 3 compliance, Rancher 2.10.1 takes security to the next level by ensuring that every component is built with a verified, tamper-resistant process. This gives you the peace of mind you need when managing multi-cluster environments across hybrid or edge deployments.

Kubewarden policy engine

Kubewarden, our policy engine for Kubernetes, gives you the power to enforce security policies across your clusters dynamically. With SLSA Level 3, you can trust that Kubewarden itself was built securely and is free from supply chain vulnerabilities. This means that when you implement security policies, you’re building on a foundation that’s as strong as the policies themselves.

RKE2 (Rancher Kubernetes Engine 2)

RKE2 is a secure Kubernetes distribution that’s ideal for enterprise-scale, production-grade workloads. By achieving SLSA Level 3, RKE2 guarantees that its source code, build process, and distribution are hardened against supply chain attacks, ensuring it’s both stable and trustworthy. This forms a solid foundation for any enterprise that wants to run cloud native workloads at scale.

Why Should Enterprise Customers Care?

For enterprises, security isn’t just a feature—it’s a business imperative. Supply chain attacks are growing in both frequency and sophistication, and the repercussions of an exploit can include regulatory fines, reputational damage, and costly downtime. By using our solutions like SUSE® Rancher Prime 2.10.1, SUSE® Rancher Prime: Admission Policy Manager, and SUSE® Rancher Prime: RKE2, now with SLSA Level 3 for Prime customers, your organization benefits from:

1. Enterprise-Grade Security Protect your critical workloads with software that adheres to rigorous industry standards, ensuring your business is shielded from tampering and unauthorized changes. With SLSA Level 3, your Kubernetes solutions are built with verifiable integrity, reducing the likelihood of costly disruptions caused by compromised dependencies.
2. Regulatory Compliance Made Simpler From GDPR to SOC 2 and beyond, many compliance frameworks now require auditable proof of software integrity. SLSA Level 3 aligns with these requirements, helping your organization meet compliance benchmarks and reducing audit complexity.
3. Enhanced Risk Mitigation For enterprises, downtime caused by a compromised software supply chain isn’t just a nuisance—it’s a potential financial and operational disaster. Leveraging SLSA-compliant solutions helps minimize risk, ensuring your environments remain stable and secure.
4. Confidence at Scale As your Kubernetes environments expand across hybrid, edge, or multi-cloud infrastructures, maintaining consistent and secure software delivery becomes challenging. SLSA Level 3 ensures every deployment meets the same high standards, enabling business continuity and reducing the strain on your IT teams.

By integrating SUSE® Rancher Prime 2.10.1, SUSE® Rancher Prime: Admission Policy Manager Kubewarden, and SUSE® Rancher Prime: RKE2 into your Kubernetes environments, you create a foundation of trust and security that enables innovation without compromise.

What’s Next?

We’re excited about this milestone, but we’re not stopping here. Our team is strives toward reducing CVE’s all the time. In the meantime, we’ll continue delivering trusted, high-quality solutions to help you manage and secure your Kubernetes workloads.

How Can You Get Started?

If you’re already a Prime customer and using SUSE® Rancher Prime 2.10.1, our Kubewarden, and RKE2, you’re ahead of the curve! These tools are now better than ever at providing the security and reliability you need. If you’re new to these solutions, now’s a great time to dive in.

Visit our product documentation or reach out to our team to learn more about how SLSA Level 3 compliance benefits your organization.

The bottom line? We’re delivering secure, trusted software so you can focus on building, deploying, and scaling with confidence. Let’s keep your Kubernetes ecosystems protected—together.

This article was authored by:

Author: Emina Cosic, Senior Product Manager

Author: Paulo Gomes, Security Engineer