Generate SLSA

Add a SLSA Generation step to an existing Harness pipeline to generate SLSA provenance and optionally attest/sign the .att file in the container registry. Pipeline YAML uses type: provenance (UI label: SLSA Generation; do not use SlsaGeneration — API rejects it).

This skill only works with existing pipelines — do not create standalone SLSA-only pipelines.

Prerequisites: Image must be built and pushed (or available in registry) before SLSA runs. Key-based attestation requires Cosign key pair secrets (/create-secret). Harness Cloud builds enable SLSA Level 3 provenance when using hosted infrastructure.

Guide the user through a step-by-step interactive wizard (same UX as /configure-repo-scan):

• Wizard: references/interactive-wizard-flow.md
• UI ↔ YAML: references/slsa-generation-step.md
• CD containerized step groups: references/cd-containerized-step-group.md