Lessons Learned from Automating SLSA-Compliance Evaluation

Lessons Learned from Automating SLSA-Compliance Evaluation

Linux Foundation via YouTube Direct link

Demo: Untrusted log

23 of 27

23 of 27

Demo: Untrusted log

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Lessons Learned from Automating SLSA-Compliance Evaluation

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Agenda Storyline
  3. 3 SLSA Overview
  4. 4 Provenance: Evidence Based Trust
  5. 5 Our Pipelines
  6. 6 Pipeline Dynamics
  7. 7 First Steps: SLSA L1
  8. 8 No Brainer
  9. 9 The Requirements
  10. 10 Compliance
  11. 11 Provenance Authenticity Options
  12. 12 Sample log files
  13. 13 Anecdote: Not All Logs Created Equal
  14. 14 Anecdote: Logs and Immutable Reference
  15. 15 SLSA L1+L2 Evaluation Automation
  16. 16 Source-Verified
  17. 17 SLSA Source - Retained Indefinitely Req.
  18. 18 SLSA L3 Source Reqs Options
  19. 19 SLSA L3 Ephemeral & Isolation Challenge
  20. 20 Implementing SLSA L3 Ephemeral & Isolation
  21. 21 Evaluation of Ephemeral & Isolation Reqs.
  22. 22 SLSA L3 - Provenance - Non-Falsifiable
  23. 23 Demo: Untrusted log
  24. 24 Unfalsifiable Provenance
  25. 25 Build Parameterless & Hermetic
  26. 26 Defeated by SLSA L4
  27. 27 Takeaways

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.