Explore the implementation of SLSA 3 Conformant Attestors for artifacts generated on GitHub in this informative conference talk by Ian Lewis and Asra Ali from Google. Dive into the Supply chain Levels for Software Artifacts (SLSA) security framework and its growing adoption in industry and open source projects. Learn about generating SLSA provenance attestations for various artifacts, including vulnerability scanner results and SBOMs. Discover a recent extension of the SLSA framework that simplifies the process of creating compliant attestors by wrapping existing tools. Examine real-world examples of SLSA builders for package managers like npm and maven. Gain insights into the challenges faced and lessons learned during implementation. By the end of this talk, acquire the necessary background to create SLSA provenance attestations for your own tools and outputs.
Building SLSA 3 Conformant Attestors for Artifacts Generated on GitHub
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Building SLSA 3 Conforment Attestors for Artifacts Generated on GitHub- Ian Lewis & Asra Ali, Google
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Analyzing Google's SLSA Framework for Securing Software Supply Chains
-
The Chain of Trust - Towards SLSA L3 with Tekton Trusted Artifacts
-
SLSA Conformance - Understanding Build System Requirements and Trust Decisions
-
Securing Your Container Native Supply Chain with SLSA, GitHub and Tekton
-
Lessons Learned from Automating SLSA-Compliance Evaluation
-
Improve Vulnerability Management with OCI Artifacts - It Is That Easy
