SLSA masterclasses

Empower DevOps to do security



This video is for members only



Practical SLSA for Developers and Application Security Professionals

Submitted Aug 18, 2023

Software supply chain integrity has been a hot topic for a few years now. Yet, the 99% of AppSec professionals stop at basic SBOM/SCA activities and call it done. Clearly, that is not enough. SLSA, despite being around 2+ years, is yet to find widespread awareness, let alone adopton.

This session will introduce the ideas and concepts behind SLSA - discussing why it is needed, what problems it solves at each “level” and how.

There is adequate tooling/support for SLSA use on popular platforms. Using this tooling, the session will show how to generate SLSA provenance and how this may be used by “consumers” of the software artifacts, to ascertain the trustworthiness/integrity of those artifacts.

This will be a practical approach session; not an academic dissertation of SLSA and it’s specification/documentation.


{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hybrid access (members only)

Hosted by

We care about site reliability, cloud costs, security and data privacy