Overview
This 23-minute conference talk examines the gap between SLSA Build Level 3 certification and actual software supply chain security: what achieving SLSA Build Level 3 really means beyond the milestone that many CNCF and open source projects claim, using the official slsa-github-generator workflow as a case study. It walks through how provenance is generated and which checks verification actually performs, as opposed to what appears to be verified, with specific examples in which build provenance appears completely valid yet remains untrustworthy because of subtle gaps in build tooling, configuration, or the verification process. It then covers comparing alternative builders against the official SLSA tooling, recognising warning signs in provenance attestations, and deploying SLSA tools so that they establish genuine trust rather than superficial compliance, giving both software consumers and maintainers a basis for telling real security assurance from provenance that only looks trustworthy on the surface.
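As an added illustration, not code from the talk or from the slsa-github-generator project, the script below applies a consumer-side trust policy to a SLSA v1 provenance statement. It assumes the statement's signature has already been verified (with slsa-verifier or cosign); the point is that a correctly signed, well-formed statement can still fail the checks a consumer actually cares about: the signed subject digest must match the artifact in hand, the builder must be a trusted builder pinned to a release tag, the source repository must be the expected one, and a "builder" that is simply a workflow in the source repository itself is flagged as self-attested. The repository URL, artifact bytes and the three statements are constructed for the example; the statement layout follows the SLSA v1 schema (`buildDefinition`, `runDetails.builder.id`), not a captured attestation.

```python
"""Trust-policy checks over a SLSA v1 provenance statement (constructed example)."""
from __future__ import annotations

import hashlib
import json

IN_TOTO_V1 = "https://in-toto.io/Statement/v1"
SLSA_V1 = "https://slsa.dev/provenance/v1"

# Builder identities we accept, keyed by the workflow path (the part before "@").
# The slsa-github-generator generic builder is the trusted builder in this policy.
TRUSTED_BUILDERS = {
    "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml",
}


def check_provenance(statement: dict, artifact: bytes, expected_source: str,
                     trusted_builders: set[str] = TRUSTED_BUILDERS) -> list[str]:
    """Return policy findings; an empty list means every check passed.

    Assumes the DSSE envelope / Sigstore bundle carrying this statement was already
    signature-verified. This is the policy layer that sits on top of that.
    """
    findings: list[str] = []

    if statement.get("_type") != IN_TOTO_V1:
        findings.append(f"unexpected statement type {statement.get('_type')!r}")
    if statement.get("predicateType") != SLSA_V1:
        findings.append(f"unexpected predicate type {statement.get('predicateType')!r}")

    # 1. The signed subject must be the artifact we actually hold.
    digest = hashlib.sha256(artifact).hexdigest()
    if not any(s.get("digest", {}).get("sha256") == digest for s in statement.get("subject", [])):
        findings.append("subject digest does not match the artifact")

    predicate = statement.get("predicate", {})
    build_def = predicate.get("buildDefinition", {})
    run_details = predicate.get("runDetails", {})

    # 2. The builder must be a trusted builder pinned to a release tag, not any workflow.
    builder_id = run_details.get("builder", {}).get("id", "")
    builder_path, _, builder_ref = builder_id.partition("@")
    if builder_path not in trusted_builders:
        findings.append(f"untrusted builder id {builder_id or '<missing>'!r}")
    elif not builder_ref.startswith("refs/tags/"):
        findings.append(f"builder not pinned to a release tag: {builder_ref!r}")

    # 3. The build must have been invoked from the source repository we expect.
    workflow = build_def.get("externalParameters", {}).get("workflow", {})
    repository = workflow.get("repository", "")
    if repository != expected_source:
        findings.append(f"source repository {repository!r} != expected {expected_source!r}")

    # 4. Warning sign: the "builder" is a workflow inside the source repository. Whoever
    #    controls the code also controls the attestation, so nothing independent vouches
    #    for the build, however valid the signature is.
    if builder_path.startswith(expected_source.rstrip("/") + "/"):
        findings.append("builder is a workflow in the source repository: provenance is self-attested")

    return findings


# Constructed sample data; the repository is hypothetical.
ARTIFACT = b"constructed release tarball bytes\n"
SOURCE = "https://github.com/example-org/example-app"


def make_statement(builder_id: str, artifact: bytes = ARTIFACT, source: str = SOURCE) -> dict:
    """Minimal SLSA v1 statement in the shape of the v1 schema (constructed, unsigned)."""
    return {
        "_type": IN_TOTO_V1,
        "subject": [{"name": "example-app.tar.gz",
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": SLSA_V1,
        "predicate": {
            "buildDefinition": {
                "buildType": "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1",
                "externalParameters": {
                    "workflow": {"ref": "refs/tags/v1.2.3", "repository": source,
                                 "path": ".github/workflows/release.yml"}},
            },
            "runDetails": {"builder": {"id": builder_id}},
        },
    }


GOOD = make_statement("https://github.com/slsa-framework/slsa-github-generator/.github/workflows/"
                      "generator_generic_slsa3.yml@refs/tags/v2.0.0")
# Well-formed, right digest, right source, but the "builder" is the project's own workflow.
SELF_ATTESTED = make_statement(SOURCE + "/.github/workflows/release.yml@refs/heads/main")
# Names the official builder but tracks a branch instead of a release tag.
UNPINNED = make_statement("https://github.com/slsa-framework/slsa-github-generator/.github/workflows/"
                          "generator_generic_slsa3.yml@refs/heads/main")


def evaluate_all() -> dict[str, list[str]]:
    return {name: check_provenance(stmt, ARTIFACT, SOURCE)
            for name, stmt in (("good", GOOD), ("self_attested", SELF_ATTESTED), ("unpinned", UNPINNED))}


if __name__ == "__main__":
    for name, findings in evaluate_all().items():
        print(name, "PASS" if not findings else json.dumps(findings, indent=2))
```

Only the `good` statement passes; the self-attested one fails both the trusted-builder and the self-attestation check even though its digest and source are correct, which is exactly the "looks valid but is not trustworthy" case. Real verification must also bind the builder identity to the signing certificate (slsa-verifier does this against the Fulcio certificate extensions); this policy assumes that binding already holds.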
Syllabus
Dirty Dancing - Untrustworthy SLSA Build Provenance - John Kjell, ControlPlane
Taught by
OpenSSF