1-2-Step: How do you SLSA?
Abstract
Scanning for vulnerabilities isn’t enough. If you lack proof of a verified chain of custody, your pipeline is flying blind. The new SLSA 1.2 framework provides a blueprint for high-assurance security by distinctly separating the Source and Build tracks.
But with more tracks come more complexities. How do you verify git history and hermetic build isolation without slowing developers to a crawl?
In this session, we give an end-to-end walkthrough of a Tekton-based software factory that solves this challenge, showing how to integrate an automated policy engine that turns abstract guidelines into concrete, automated gates.
Join us to see the “1-2-step” of supply chain security:
- Attest: Automatically capturing unforgeable proof of Source and Build.
- Enforce: Using policy-as-code to block non-compliant artifacts before publication.
Key Topics
- Topic 1
- Topic 2
- Topic 3