From Mild To Wild: How Hot Can Your SLSA Be?
Abstract
Policy engines can consume attestations at three heat levels. Start mild and turn up the heat as you mature.
Mild: Verify builder identity, SLSA levels, signatures and attestations. Answer “Who built this?” and “Does it meet our standards?”
Medium: Generate Verification Summary Attestations (VSAs) from multiple sources. Deploy admission controllers that block nonconforming workloads from deploying, so standards are enforced automatically. Attestations drive decisions rather than serving as documentation.
Wild: Build trust chains through provenance. Chain attestations across the software lifecycle, from the build environment down to the consumer. This enables verifiers to reason about artifacts, not just their signatures. It demands process maturity but unlocks flexible security.
We demonstrate implementations at each level using policy engines, including AMPEL and Conforma. Discover which heat level matches your organization and how to turn up the temperature.
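As an added illustration of the mild and medium levels above (example code written for this page, not taken from the talk, AMPEL or Conforma), the check below evaluates one SLSA v1 provenance statement for builder identity and build level and emits the result as a VSA. The builder ids, policy URI, verifier id, digest and the non-spec `failureReasons` key are constructed assumptions; signature verification of the DSSE envelope is assumed to happen before this check.

```python
from datetime import datetime, timezone

IN_TOTO_STATEMENT = "https://in-toto.io/Statement/v1"
SLSA_PROVENANCE_V1 = "https://slsa.dev/provenance/v1"
SLSA_VSA_V1 = "https://slsa.dev/verification_summary/v1"
LEVELS = ["SLSA_BUILD_LEVEL_0", "SLSA_BUILD_LEVEL_1",
          "SLSA_BUILD_LEVEL_2", "SLSA_BUILD_LEVEL_3"]

# Constructed policy (hypothetical builder ids): the build level each trusted
# builder is accepted for. Unknown builders get level 0.
TRUSTED_BUILDERS = {
    "https://builder.example.com/hosted/v1": "SLSA_BUILD_LEVEL_3",
    "https://builder.example.com/self-hosted": "SLSA_BUILD_LEVEL_1",
}
POLICY_URI = "https://policy.example.com/slsa/min-build-level"  # hypothetical

def evaluate(statement, resource_uri, expected_sha256, required="SLSA_BUILD_LEVEL_3"):
    """Mild check (who built it, at what level) emitted as a medium-level VSA."""
    failures = []
    if statement.get("_type") != IN_TOTO_STATEMENT:
        failures.append("not an in-toto v1 Statement")
    if statement.get("predicateType") != SLSA_PROVENANCE_V1:
        failures.append("predicate is not SLSA provenance v1")
    # The attestation must be about the artifact actually being deployed.
    subjects = statement.get("subject", [])
    if not any(s.get("digest", {}).get("sha256") == expected_sha256 for s in subjects):
        failures.append("subject digest does not match artifact")
    builder_id = (statement.get("predicate", {}).get("runDetails", {})
                  .get("builder", {}).get("id"))
    level = TRUSTED_BUILDERS.get(builder_id, "SLSA_BUILD_LEVEL_0")
    if builder_id not in TRUSTED_BUILDERS:
        failures.append(f"untrusted builder {builder_id!r}")
    elif LEVELS.index(level) < LEVELS.index(required):
        failures.append(f"builder only attested for {level}, need {required}")
    passed = not failures
    return {
        "_type": IN_TOTO_STATEMENT,
        "subject": [{"name": resource_uri, "digest": {"sha256": expected_sha256}}],
        "predicateType": SLSA_VSA_V1,
        "predicate": {
            "verifier": {"id": "https://verifier.example.com"},  # hypothetical
            "timeVerified": datetime.now(timezone.utc).isoformat(),
            "resourceUri": resource_uri,
            "policy": {"uri": POLICY_URI},
            "verificationResult": "PASSED" if passed else "FAILED",
            "verifiedLevels": [level] if passed else [],
            "slsaVersion": "1.0",
            "failureReasons": failures,  # not a VSA spec field; for operators
        },
    }

# Constructed sample provenance: digest and builder id are made up.
SAMPLE = {"_type": IN_TOTO_STATEMENT, "predicateType": SLSA_PROVENANCE_V1,
          "subject": [{"name": "pkg:oci/app", "digest": {"sha256": "ab" * 32}}],
          "predicate": {"runDetails": {"builder": {"id": "https://builder.example.com/hosted/v1"}}}}
```

An admission controller at the medium level would consume the resulting VSA and admit the workload only when `verificationResult` is `PASSED` and `verifiedLevels` meets its own minimum.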