What exactly is Supply-chain Levels for Software Artifacts (SLSA)?
September 25, 2023 at 3:50:00 p.m.
Have you heard mention of Supply-chain Levels for Software Artifacts (SLSA)? If you have, but you are unsure what exactly they are asking for, this talk is for you.
I’ll explain what the SLSA framework is, how it fits into your development process, and a variety of tools you can use to attest your desired level of SLSA.
In addition I’ll go over the changes from SLSA version 0 to SLSA version 1.0, most notably that instead of one SLSA Level (1-4), there are now separate tracks (Build 1-3, Build 4, Source)