Explore the Supply Chain Levels for Software Assurance (SLSA) framework and its conformance program in this 31-minute talk by Kris Kooi from Google. Gain insights into the rigorous security standards required for build systems to meet the highest level of build assurance. Learn about the SLSA requirements for build systems, the workings of the SLSA conformance program, and how consumers can enforce trust decisions during SLSA verification. Understand the importance of the self-certification process for build system maintainers, the factors developers should consider when choosing builders, and how consumers can access public evidence of SLSA-conformant build systems. Discover how this framework is gaining traction across industry and open source ecosystems to improve software artifact integrity.
SLSA Conformance - Understanding Build System Requirements and Trust Decisions
Overview
Syllabus
SLSA Conformance - Kris Kooi, Google
Taught by
Linux Foundation
Tags
Related Courses
-
Building SLSA 3 Conformant Attestors for Artifacts Generated on GitHub
-
SLSA and FRSCA - Securing the Software Supply Chain
-
Lessons Learned from Automating SLSA-Compliance Evaluation
-
The Chain of Trust - Towards SLSA L3 with Tekton Trusted Artifacts
-
Analyzing Google's SLSA Framework for Securing Software Supply Chains
-
Supply Chain Security: Building a Knowledge Graph for Artifact Relationships
