
An Overview on SLSA

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore a comprehensive overview of SLSA (Supply-chain Levels for Software Artifacts) in this informative conference talk presented by Tom Hennen from Google and Joshua Lock from VMware. Dive into the methodology designed to prevent tampering with the software supply chain, following the journey of mischievous gremlins attempting to introduce malicious code into a widely-used container image. Learn how SLSA controls effectively raise the cost of attacks at each step of the supply chain, thwarting potential threats. Discover the concept of SLSA levels, trust boundaries, and both implicit and explicit policy checks. Through engaging examples and scenarios, gain insights into how SLSA safeguards against various attack vectors, including housekeeping attacks. Conclude with an introduction to SLSA Level 1 and a glimpse into future developments in supply chain security.

Syllabus

Intro
Supply Chain Overview
What is SLSA?
SLSA Levels
What is tampering?
How?
SLSA Trust Boundaries
Gremlins in the supply chain
Vax Trial Analysis runs evil fetcher
SLSA to the rescue!
Implicit Policy Checks
Explicit policy
SLSA saves the day!
Gremlin housekeeping attack
SLSA does it again!
SLSA Level 1
What's cooking

Taught by

CNCF [Cloud Native Computing Foundation]
