Overview
Learn how to implement Software Supply Chain Security Assurance (SLSA) standards for OCI artifacts in this 31-minute conference talk from OpenSSF. Discover practical steps for enhancing build pipeline security through hands-on demonstrations of generating a comprehensive Software Bill of Materials (SBOM) and provenance metadata. Master keyless attestations using cosign, implement hermetic builds with BuildKit providers, and explore best practices for dependency management. Gain valuable insights into automated patching strategies, effective attestation sharing, and successful collaboration with compliance teams to create secure, trustworthy artifacts that meet modern cybersecurity requirements.
Syllabus
Cooking up Secure OCI Artifacts with SLSA - Harsh Thakur, Civo & Saiyam Pathak, Loft Labs
Taught by
OpenSSF