YoVDO

Building SLSA 3 Conformant Attestors for Artifacts Generated on GitHub

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Supply Chain Security Courses, GitHub Courses, Vulnerability Scanning Courses, SLSA Courses

Course Description

Overview

Explore the implementation of SLSA 3 Conformant Attestors for artifacts generated on GitHub in this informative conference talk by Ian Lewis and Asra Ali from Google. Dive into the Supply-chain Levels for Software Artifacts (SLSA) security framework and its growing adoption in industry and open source projects. Learn about generating SLSA provenance attestations for various artifacts, including vulnerability scanner results and SBOMs. Discover a recent extension of the SLSA framework that simplifies the process of creating compliant attestors by wrapping existing tools. Examine real-world examples of SLSA builders for package managers like npm and Maven. Gain insights into the challenges faced and lessons learned during implementation. By the end of this talk, acquire the necessary background to create SLSA provenance attestations for your own tools and outputs.

Syllabus

Building SLSA 3 Conformant Attestors for Artifacts Generated on GitHub - Ian Lewis & Asra Ali, Google


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Ketchup, Mustard, and Relish of Software Supply Chain Security - Panel Discussion
Linux Foundation via YouTube
SLSA in Action: Securing the Software Supply Chain
Linux Foundation via YouTube
Securing Your Supply Chain by Building with FRSCA
Linux Foundation via YouTube
Open Tools for Secure Supply Chains in Kubernetes - From Release Engineering
Linux Foundation via YouTube
Google SLSA and NIST SSDF - Emerging Software Supply Chain Security Best Practices
Linux Foundation via YouTube