SLSA Courses and Certifications

SLSA with Cosign and Kyverno - Securing Software Delivery in Cloud Native Environments

Explore SLSA, Cosign, and Kyverno for enhancing software delivery security in cloud-native environments. Learn practical techniques to safeguard your development pipeline.

• YouTube
• 1 hour
• On-Demand
• Free Video

OpenSSF

The State of Git Security With SLSA and Gittuf

1 review

Explore Git security beyond forge platforms using gittuf for repository policies and SLSA for source provenance, including new read permissions and standardization efforts.

• YouTube
• 24 minutes
• On-Demand
• Free Video

SLSA in Action: Securing the Software Supply Chain

Live demonstration of securing software supply chain and achieving SLSA compliance using sample repo. OpenSSF SLSA group showcases tooling developed to meet SLSA 1.0 Build Specification, offering practical insights into implementation.

• YouTube
• 40 minutes
• On-Demand
• Free Video

Google SLSA and NIST SSDF - Emerging Software Supply Chain Security Best Practices

Explore emerging best practices for software supply chain security, focusing on Google's SLSA framework and NIST's SSDF guidelines to enhance your organization's cybersecurity posture.

• YouTube
• 29 minutes
• On-Demand
• Free Video

Building SLSA 3 Conformant Attestors for Artifacts Generated on GitHub

Learn to create SLSA 3 compliant attestors for GitHub artifacts, enhancing software supply chain security with minimal effort using recent framework extensions.

• YouTube
• 34 minutes
• On-Demand
• Free Video

Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling

Explore threat modeling for Kubernetes CI/CD security using SLSA standards. Learn to identify and mitigate vulnerabilities in supply chain processes, with practical insights from Tekton's implementation.

• YouTube
• 33 minutes
• On-Demand
• Free Video

Spicing up Container Image Security with SLSA and GUAC

Explore SLSA and GUAC tools to enhance container image security, verify build provenance, and understand artifact composition for safer deployments in production environments.

• YouTube
• 36 minutes
• On-Demand
• Free Video

SLSA FRSCA Recipe for Secure Supply Chain

Explore an end-to-end solution for software supply chain security using OpenSSF-FRSCA, integrating tools like Tekton, Sigstore, and Kyverno to meet SLSA Level 3 requirements.

• YouTube
• 33 minutes
• On-Demand
• Free Video

NDC Conferences

SLSA, SigStore, SBOM & Software Supply Chain Security - What Does It All Mean?

Demystifying software supply chain security: SLSA, SigStore, and SBOM explained. Learn about tools and methodologies to secure software from development to production in this comprehensive overview.

• YouTube
• 43 minutes
• On-Demand
• Conference Talk

Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to Runtime

Practical guide to securing software supply chain using CNCF tools. Covers SLSA compliance, GitHub Actions, Cosign, Kyverno, in-toto, and Kubescape for build-to-runtime security in Kubernetes ecosystems.

• YouTube
• 34 minutes
• On-Demand
• Free Video

OpenSSF

SLSA: A Security Paradigm for Software Supply Chain Integrity

Explore SLSA levels, software supply chain security basics, and tools like Cosign to enhance artifact integrity and benefit your organization.

• YouTube
• 58 minutes
• On-Demand
• Free Video

DevSecCon

GitHub-Azure Authentication and SLSA in DevOps

Explore GitHub Actions authentication for Azure and SLSA principles in DevSecOps. Learn passwordless methods, security levels, and contribute to open-source supply chain security projects.

• YouTube
• 1 hour 18 minutes
• On-Demand
• Free Video

The Chain of Trust - Towards SLSA L3 with Tekton Trusted Artifacts

Explore Tekton's approach to securing software supply chains through trusted artifacts, provenance, and Sigstore integration, addressing challenges in preserving the chain of trust for build systems.

• YouTube
• 40 minutes
• On-Demand
• Free Video

Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to Runtime

Dive into SLSA compliance for supply chain security using CNCF tools. Explore GitHub Actions, Cosign, Kyverno, in-toto, and Kubescape to secure software from build to runtime in Kubernetes ecosystems.

• YouTube
• 33 minutes
• On-Demand
• Free Video

Fresh SLSA and GUAC - Understanding Open Source Package Risks and Transparency

Explore open source package risks, transparency, and tools like GUAC, SLSA, and SBOMs to enhance software supply chain security and make informed decisions on dependencies.

• YouTube
• 40 minutes
• On-Demand
• Free Video