SLSA Conformance - Understanding Build System Requirements and Trust Decisions

Explore the Supply Chain Levels for Software Assurance (SLSA) framework and its conformance program in this 31-minute talk by Kris Kooi from Google. Gain insights into the rigorous security standards required for build systems to meet the highest level of build assurance. Learn about the SLSA requirements for build systems, the workings of the SLSA conformance program, and how consumers can enforce trust decisions during SLSA verification. Understand the importance of the self-certification process for build system maintainers, the factors developers should consider when choosing builders, and how consumers can access public evidence of SLSA-conformant build systems. Discover how this framework is gaining traction across industry and open source ecosystems to improve software artifact integrity.

SLSA Conformance - Kris Kooi, Google