Overview
Learn how to protect software supply chains from source code tampering using the Supply-chain Levels for Software Artifacts (SLSA) framework in this 20-minute conference talk. Explore the newly developed SLSA Source Track, which extends beyond CI/CD workflow protection to provide comprehensive assurance for source code management within repositories. Discover how this framework addresses threats of malicious source code modifications and enables attribution of changes to specific actors who introduced them. Examine real-world attack scenarios, including the 2021 PHP repository compromise where malicious commits were injected, and understand how SLSA Source Track could have prevented such incidents. Investigate protection mechanisms against sophisticated attacks like the recent xz vulnerability by implementing additional controls such as mandatory code reviews. Gain insights into recording supplementary information about source revisions, including code review completion status and static application security testing (SAST) tool analysis results. Review a practical proof-of-concept demonstration showing how to achieve Source Level 3 implementation in existing source control systems without requiring specialized platform support, making this security framework accessible for immediate deployment in current development environments.
Syllabus
Reducing the Risk of Source Tampering With SLSA - Tom Hennen, Google
Taught by
Linux Foundation