Explore the Supply Chain Levels for Software Assurance (SLSA) framework and its conformance program in this 31-minute talk by Kris Kooi from Google. Gain insights into the rigorous security standards required for build systems to meet the highest level of build assurance. Learn about the SLSA requirements for build systems, the workings of the SLSA conformance program, and how consumers can enforce trust decisions during SLSA verification. Understand the importance of the self-certification process for build system maintainers, the factors developers should consider when choosing builders, and how consumers can access public evidence of SLSA-conformant build systems. Discover how this framework is gaining traction across industry and open source ecosystems to improve software artifact integrity.
SLSA Conformance - Understanding Build System Requirements and Trust Decisions
Overview
Syllabus
SLSA Conformance - Kris Kooi, Google
Taught by
Linux Foundation
Tags
Related Courses
-
Building SLSA 3 Conformant Attestors for Artifacts Generated on GitHub
-
SLSA and FRSCA - Securing the Software Supply Chain
-
SLSA: A Security Paradigm for Software Supply Chain Integrity
-
SLSA - A Supply Chain Security Framework
-
Lessons Learned from Automating SLSA-Compliance Evaluation
-
Continuous Assurance of Supply Chain Security Levels of Open Source Artifacts Using SLSA 0.1
