diff --git a/pkg/chains/formats/slsa/v2/taskrun/taskrun.go b/pkg/chains/formats/slsa/v2/taskrun/taskrun.go
index f1df421b1d..e4cef67914 100644
--- a/pkg/chains/formats/slsa/v2/taskrun/taskrun.go
+++ b/pkg/chains/formats/slsa/v2/taskrun/taskrun.go
@@ -70,7 +70,7 @@ func GenerateAttestation(builderID string, payloadType config.PayloadType, tro *
 // which material the Task definition came from
 func invocation(tro *objects.TaskRunObject) slsa.ProvenanceInvocation {
 i := slsa.ProvenanceInvocation{}
- if p := tro.Status.Provenance; p != nil {
+ if p := tro.Status.Provenance; p != nil && p.ConfigSource != nil {
 i.ConfigSource = slsa.ConfigSource{
 URI: p.ConfigSource.URI,
 Digest: p.ConfigSource.Digest,
@@ -78,9 +78,24 @@ func invocation(tro *objects.TaskRunObject) slsa.ProvenanceInvocation {
 }
 }
 i.Parameters = invocationParams(tro)
+ env := invocationEnv(tro)
+ if len(env) > 0 {
+ i.Environment = env
+ }
 return i
 }
 
+ // invocationEnv adds the tekton feature flags that were enabled
+ // for the taskrun. In the future, we can populate versioning information
+ // here as well.
+ func invocationEnv(tro *objects.TaskRunObject) map[string]any {
+ var iEnv map[string]any = make(map[string]any)
+ if tro.Status.Provenance != nil && tro.Status.Provenance.FeatureFlags != nil {
+ iEnv["tekton-pipelines-feature-flags"] = tro.Status.Provenance.FeatureFlags
+ }
+ return iEnv
+ }
+
+
 // invocationParams adds all fields from the task run object except
 // TaskRef or TaskSpec since they are in the ConfigSource or buildConfig.
 func invocationParams(tro *objects.TaskRunObject) map[string]any {
diff --git a/pkg/chains/formats/slsa/v2/taskrun/taskrun_test.go b/pkg/chains/formats/slsa/v2/taskrun/taskrun_test.go
index 59594f0c39..e277b40bb4 100644
--- a/pkg/chains/formats/slsa/v2/taskrun/taskrun_test.go
+++ b/pkg/chains/formats/slsa/v2/taskrun/taskrun_test.go
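Review bot: The doc comment on invocationEnv says it adds the feature flags that were enabled, but the body stores the whole `tro.Status.Provenance.FeatureFlags` struct (every field, set or not) under the `tekton-pipelines-feature-flags` key, so I'd reword it: `// invocationEnv records the full FeatureFlags struct from the TaskRun's provenance status under the "tekton-pipelines-feature-flags" key, or returns an empty map when it is absent.` The stored value is the pointer held by the TaskRun status rather than a copy, so the attestation will reflect any mutation of that status object between this call and serialization; if the status can still change at that point, copying it (`ff := *tro.Status.Provenance.FeatureFlags` and storing `&ff`) would pin what gets attested. On style, `var iEnv map[string]any = make(map[string]any)` repeats the type — `iEnv := make(map[string]any)` is the idiomatic form, and since the caller already discards an empty map via `len(env) > 0`, returning a nil map on the no-flags path would be equivalent. The nil-Provenance guard is now duplicated between invocation (whose start lies in the first hunk) and invocationEnv.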
@@ -31,6 +31,7 @@ import (
 "github.com/tektoncd/chains/pkg/chains/formats/slsa/extract"
 slsav1 "github.com/tektoncd/chains/pkg/chains/formats/slsa/v1/taskrun"
 "github.com/tektoncd/chains/pkg/chains/objects"
+ "github.com/tektoncd/pipeline/pkg/apis/config"
 "github.com/tektoncd/pipeline/pkg/apis/pipeline/pod"
 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
 "github.com/tektoncd/pipeline/pkg/apis/resource/v1alpha1"
@@ -152,6 +153,16 @@ status:
 - name: my-default-empty-array-param
 type: array
 default: []
+ provenance:
+ featureFlags:
+ AwaitSidecarReadiness: true
+ CustomTaskVersion: v1beta1
+ EnableAPIFields: stable
+ EnableProvenanceInStatus: true
+ MaxResultSize: 4096
+ ResourceVerificationMode: skip
+ ResultExtractionMethod: termination-message
+ RunningInEnvWithInjectedSidecars: true
 `
 
 var taskRun *v1beta1.TaskRun
@@ -189,6 +200,18 @@ status:
 "Timeout": (*metav1.Duration)(nil),
 "Workspaces": []v1beta1.WorkspaceBinding(nil),
 },
+ Environment: map[string]any{
+ "tekton-pipelines-feature-flags": &config.FeatureFlags{
+ RunningInEnvWithInjectedSidecars: true,
+ EnableAPIFields: "stable",
+ AwaitSidecarReadiness: true,
+ ResourceVerificationMode: "skip",
+ EnableProvenanceInStatus: true,
+ ResultExtractionMethod: "termination-message",
+ MaxResultSize: 4096,
+ CustomTaskVersion: "v1beta1",
+ },
+ },
 }
 got := invocation(objects.NewTaskRunObject(taskRun))
 if !reflect.DeepEqual(expected, got) {
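Review bot: The new expectation in the last hunk only exercises the path where `provenance.featureFlags` is populated, so the two guards this commit adds — `p.ConfigSource != nil` in invocation and the `len(env) > 0` check that leaves Environment unset — have no test covering them. A second fixture with `provenance:` present but neither `featureFlags:` nor `configSource:` set, asserting `Environment: nil` and an empty ConfigSource, would pin that behaviour; as written, a regression back to the old nil dereference on a Provenance without ConfigSource would not be caught here. The test function containing this expectation starts above the hunk.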