Tekton has a thing called “chains” for Supply Chain Security. https://github.com/tektoncd/chains
They’re working on SLSA compliance now. They have L1 supported fully and are partially done with L2 & L3.
They don’t have 100% of provenance available, which is a criteria for L2.
They ensure non-falsifiable provenance via SPIFFY/SPIRE https://spiffe.io/
The tekton project itself is ~L3.