Dirty Dancing - Untrustworthy SLSA Build Provenance
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
This 23-minute conference talk examines the gap between SLSA Build Level 3 certification and actual software supply chain security, challenging the assumption that a verified provenance attestation is by itself a guarantee of trustworthiness. Using the official slsa-github-generator workflow as a case study, it walks through how provenance is generated and what the verification step actually validates, as opposed to what it appears to guarantee. It identifies scenarios in which a provenance attestation looks valid but should not be trusted, including subtle weaknesses in build tooling, configuration errors on the producer side, and verification gaps on the consumer side, any of which can undermine supply chain integrity. The talk also covers practical strategies for comparing alternative builders against the official SLSA tooling, recognizing red flags in provenance attestations, and deploying SLSA tools in a way that establishes genuine trust rather than superficial compliance. Both software consumers and maintainers will come away better equipped to evaluate build provenance claims critically and to make informed decisions about supply chain security in cloud native environments.
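The talk's distinction between what verification validates and what it appears to guarantee can be made concrete with a consumer-side policy check. The Python below is an added example for this listing, not code from the talk or from the slsa-github-generator project. It assumes the signature over the attestation has already been verified (for instance with slsa-verifier) and then checks the fields a valid signature alone says nothing about: that the subject digest matches the bytes actually downloaded, that the builder id is an exact match for the trusted builder (a fork with a similar name must fail) and is pinned to a tag, that the source repository and ref are the expected ones, and that `resolvedDependencies` agrees with `externalParameters`. The attestation, artifact bytes, repository names and policy values are all constructed for illustration; the field layout follows the SLSA v1.0 provenance format as emitted by the generic generator, but no value here comes from a real release.

```python
"""Consumer-side SLSA provenance checks that go beyond 'the signature verifies'.
Added example: the statement, artifact and POLICY values below are constructed."""
import hashlib
import json

ARTIFACT = b"constructed artifact bytes"  # stand-in for the downloaded release file

# Constructed SLSA v1.0 provenance wrapped in an in-toto Statement. The layout
# follows the slsa-github-generator generic builder's output; values are made up.
STATEMENT_JSON = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "app-1.0.0.tar.gz",
                 "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "externalParameters": {"workflow": {
                "ref": "refs/tags/v1.0.0",
                "repository": "https://github.com/example-org/app",
                "path": ".github/workflows/release.yml"}},
            "resolvedDependencies": [
                {"uri": "git+https://github.com/example-org/app@refs/tags/v1.0.0"}],
        },
        "runDetails": {"builder": {"id": (
            "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/"
            "generator_generic_slsa3.yml@refs/tags/v1.9.0")}},
    },
})

# What this particular consumer trusts (assumed values for the example).
POLICY = {
    "builder_id": ("https://github.com/slsa-framework/slsa-github-generator/"
                   ".github/workflows/generator_generic_slsa3.yml"),
    "source_repo": "https://github.com/example-org/app",
    "ref_prefix": "refs/tags/",
}


def check_provenance(statement_json: str, artifact: bytes, policy: dict) -> list:
    """Return a list of red flags; empty means the provenance passes this policy.
    Signature verification is assumed to have already succeeded."""
    findings = []
    st = json.loads(statement_json)
    pred = st.get("predicate", {})

    if st.get("predicateType") != "https://slsa.dev/provenance/v1":
        findings.append(f"unexpected predicateType {st.get('predicateType')!r}")

    # 1. The attestation must describe the bytes that were actually downloaded.
    want = hashlib.sha256(artifact).hexdigest()
    digests = {s.get("digest", {}).get("sha256") for s in st.get("subject", [])}
    if want not in digests:
        findings.append("subject digest does not match the downloaded artifact")

    # 2. Builder identity: exact match on the workflow path, pinned to a tag.
    builder_id = pred.get("runDetails", {}).get("builder", {}).get("id", "")
    path, _, ref = builder_id.partition("@")
    if path != policy["builder_id"]:
        findings.append(f"builder id {path!r} is not the trusted builder")
    if not ref.startswith(policy["ref_prefix"]):
        findings.append(f"builder is not pinned to a tag: {ref!r}")

    # 3. Source: the repository and ref that were built must be the expected ones.
    wf = pred.get("buildDefinition", {}).get("externalParameters", {}).get("workflow", {})
    if wf.get("repository") != policy["source_repo"]:
        findings.append(f"built from {wf.get('repository')!r}, expected {policy['source_repo']!r}")
    if not wf.get("ref", "").startswith(policy["ref_prefix"]):
        findings.append(f"source ref {wf.get('ref')!r} is not a tag")

    # 4. Internal consistency: resolvedDependencies must name the same repo@ref.
    expected_uri = f"git+{wf.get('repository')}@{wf.get('ref')}"
    deps = [d.get("uri") for d in pred.get("buildDefinition", {}).get("resolvedDependencies", [])]
    if expected_uri not in deps:
        findings.append("resolvedDependencies do not match externalParameters.workflow")
    return findings


def with_builder_id(statement_json: str, builder_id: str) -> str:
    """Return a copy of the statement with the builder id swapped (for the demo)."""
    st = json.loads(statement_json)
    st["predicate"]["runDetails"]["builder"]["id"] = builder_id
    return json.dumps(st)


def demo() -> dict:
    """Run the policy against a clean statement and two constructed bad cases."""
    fork = ("https://github.com/someone-else/slsa-github-generator/.github/workflows/"
            "generator_generic_slsa3.yml@refs/tags/v1.9.0")  # hypothetical look-alike fork
    return {
        "clean": check_provenance(STATEMENT_JSON, ARTIFACT, POLICY),
        "wrong_artifact": check_provenance(STATEMENT_JSON, b"tampered bytes", POLICY),
        "forked_builder": check_provenance(with_builder_id(STATEMENT_JSON, fork), ARTIFACT, POLICY),
    }


if __name__ == "__main__":
    for case, flags in demo().items():
        print(case, "->", flags or "OK")
```

The point of the exact-match rule on the builder id is that a prefix or substring comparison would accept a fork of the generator published under another account with the same workflow path, which is precisely the kind of attestation that looks valid but should not be trusted.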
Syllabus
Dirty Dancing - Untrustworthy SLSA Build Provenance - John Kjell, ControlPlane
Taught by
CNCF [Cloud Native Computing Foundation]