SLSA and FRSCA: Beyond Snacks and Soda! - Christopher Hanson, RX-M, llc.

less than 1 minute read

Abstract

As the systems where we build software grow in complexity and interconnectedness, so do potential risks. Thus, ensuring the security of the software supply chain has become a critical concern for any organization providing or consuming build platforms or packaging infrastructure. To address this concern, the Supply-chain Levels for Software Artifacts (SLSA) framework provides a set of guidelines to help organizations articulate how secure their systems are. This talk will begin by discussing the concepts of the SLSA framework: tracks, levels, and requirements. We will then build artifacts using a build system based on open source tooling from the Factory for Repeatable Secure Creation of Artifacts (FRSCA) reference implementation to demonstrate how to iteratively achieve increasing SLSA build levels. By the end, attendees should be able to begin assessing the security of their own organization’s software development and distribution processes and have a vocabulary for improvement goals

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

SLSA and FRSCA: Beyond Snacks and Soda! - Christopher Hanson, RX-M, llc.

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google