Skip to main content
Image coming soon

More Defensible Software Supply Chain Outputs with SLSA

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

More Defensible Software Supply Chain Outputs with SLSA

Produce audit-ready, high-integrity software artefacts consistently and with confidence

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.

Who this is for

Mid-to-senior level practitioner in software engineering, platform governance, or internal tooling at a technology company with public SaaS products and a focus on secure development lifecycle practices

Who this is not for

Entry-level developers without ownership of build pipelines or release artefacts, or practitioners focused exclusively on frontend UX or marketing tech stacks

What you walk away with

  • Generate software supply chain artefacts with higher accuracy and completeness the first time
  • Produce SLSA-compliant provenance data that survives auditor follow-up questions
  • Reduce rework cycles when responding to internal or external review requests
  • Build repeatable templates for attestation and verification that compound across projects
  • Demonstrate mastery of SLSA levels with working examples applicable to real release pipelines

The 12 modules (with all 144 chapters)

Module 1. Foundations of Software Supply Chain Integrity
Establish core concepts of artifact provenance, build determinism, and integrity verification as defined by SLSA. Understand how these principles elevate output quality across teams.
12 chapters in this module
  1. What makes a software artifact verifiable
  2. The role of reproducible builds
  3. Integrity vs authenticity in distribution
  4. Trusted build platforms and their controls
  5. Key components of SLSA framework
  6. SLSA Level 1 vs higher thresholds
  7. Build steps as data sources
  8. Metadata completeness criteria
  9. Signing vs attestation
  10. Common gaps in initial implementations
  11. Version control provenance tracking
  12. First steps toward compliant output
Module 2. Designing for SLSA Level Compliance
Map project requirements to SLSA levels and define achievable targets for artifact integrity based on risk profile and deployment context.
12 chapters in this module
  1. Assessing project risk tiers
  2. Mapping controls to SLSA Level 2
  3. Build platform requirements for Level 3
  4. Identity and access in build systems
  5. Separation of duties in CI/CD
  6. Source repository protections
  7. Trigger validation rules
  8. Provenance metadata schema
  9. Signing key management
  10. Immutable logs and timestamps
  11. Attestation format selection
  12. Compliance threshold planning
Module 3. Implementing Trusted Build Environments
Configure build platforms to meet SLSA requirements for integrity, isolation, and verifiable execution history.
12 chapters in this module
  1. Hardened container images
  2. Minimal build base images
  3. Network egress controls
  4. Build step logging
  5. Resource identity binding
  6. Task-specific service accounts
  7. Build graph validation
  8. Dependency pinning
  9. Artifact immutability settings
  10. Log export to secure storage
  11. Time-bound execution windows
  12. Post-build scan integration
Module 4. Generating Verifiable Provenance
Produce complete, machine-readable provenance data that survives external validation and audit scrutiny.
12 chapters in this module
  1. Provenance schema structure
  2. Subject artifact reference
  3. Builder identity assertion
  4. Build config input listing
  5. Materials consumed list
  6. Build environment specs
  7. Invocation parameters
  8. Metadata timestamps
  9. Signature format standards
  10. Public key inclusion
  11. Metadata expiration rules
  12. Verification script bundling
Module 5. Enforcing Build Reproducibility
Ensure outputs are deterministic and independently verifiable through configuration and tooling.
12 chapters in this module
  1. Source normalization methods
  2. Timestamp removal techniques
  3. Random seed control
  4. File order consistency
  5. Compiler flag standardization
  6. Dependency version locking
  7. Build environment snapshots
  8. Rebuild trigger workflows
  9. Diff-based validation
  10. Automated rebuild verification
  11. Tolerance thresholds for variation
  12. Handling non-reproducible components
Module 6. Signing and Attestation Workflows
Integrate cryptographic signing and attestation into release pipelines to support downstream verification.
12 chapters in this module
  1. Key management best practices
  2. Hardware vs software keys
  3. Short-lived key rotation
  4. Signature bundling methods
  5. Attestation types overview
  6. SLSA provenance attestation
  7. Vulnerability attestations
  8. License compliance statements
  9. Policy evaluation results
  10. Attestation aggregation
  11. Signature verification automation
  12. Multi-party signing models
Module 7. Validating Supply Chain Artefacts
Verify incoming dependencies and third-party components against SLSA criteria to strengthen downstream security.
12 chapters in this module
  1. Trusted source identification
  2. Provenance data retrieval
  3. Signature verification steps
  4. Attestation validation logic
  5. Policy engine integration
  6. SLSA level conformance checks
  7. Dependency tree analysis
  8. Vulnerability data correlation
  9. Transitive dependency risks
  10. Automated validation gates
  11. Manual review triggers
  12. Escalation procedures
Module 8. Integrating with CI/CD Pipelines
Embed SLSA controls directly into automated build and release workflows for seamless compliance.
12 chapters in this module
  1. Pipeline trigger validation
  2. Pre-build environment checks
  3. Provenance generation step
  4. Signing step placement
  5. Post-build verification
  6. Failure handling logic
  7. Pipeline-as-code templates
  8. Reusable configuration modules
  9. Pipeline versioning
  10. Change approval workflows
  11. Audit trail capture
  12. Pipeline health monitoring
Module 9. Documenting Compliance Artefacts
Produce clear, auditable documentation packages that demonstrate SLSA conformance without rework.
12 chapters in this module
  1. Compliance narrative drafting
  2. Control mapping templates
  3. Evidence collection checklist
  4. Audit trail alignment
  5. Cross-reference index building
  6. Glossary of terms
  7. Version history tracking
  8. Responsible party attribution
  9. External reviewer guidance
  10. Frequently asked questions prep
  11. Common auditor inquiries
  12. Evidence retention schedule
Module 10. Responding to Auditor Inquiries
Prepare for and confidently answer follow-up questions from internal or external reviewers using structured evidence.
12 chapters in this module
  1. Predicting likely questions
  2. Evidence indexing strategy
  3. Response drafting templates
  4. Escalation path definition
  5. Timeline reconstruction
  6. Build environment recreation
  7. Provenance data access
  8. Third-party verification access
  9. Legal hold procedures
  10. Confidentiality handling
  11. Response review workflow
  12. Post-audit feedback loop
Module 11. Scaling SLSA Across Teams
Extend SLSA adoption across engineering groups with consistent tooling, templates, and support structures.
12 chapters in this module
  1. Adoption roadmap planning
  2. Cross-team onboarding plan
  3. Centralized tooling strategy
  4. Shared template library
  5. Training material development
  6. Support channel setup
  7. Feedback collection system
  8. Compliance dashboarding
  9. Team-specific adaptations
  10. Maturity assessment model
  11. Internal audit program
  12. Recognition and incentives
Module 12. Sustaining Long-Term Compliance
Maintain SLSA compliance over time with automated checks, policy updates, and continuous improvement.
12 chapters in this module
  1. Automated conformance scanning
  2. Policy update workflows
  3. Toolchain upgrade planning
  4. New team onboarding process
  5. External standard alignment
  6. Regulatory change tracking
  7. Annual review cycle
  8. Lessons learned documentation
  9. Incident response integration
  10. Third-party audit prep
  11. Public disclosure readiness
  12. Community contribution

How this maps to your situation

  • When preparing for an external audit
  • While designing a new build pipeline
  • After a security review identifies gaps
  • During rollout of secure software supply chain practices

Before vs. after

Before
Spending extra cycles refining software supply chain outputs for review, often rebuilding provenance data or filling gaps under time pressure
After
Producing accurate, complete, and defensible artefacts the first time, ready for audit or escalation without rework

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 3 hours per module, designed to be completed at your pace over 6-8 weeks with full access to all materials immediately upon enrollment.

If nothing changes
Continuing to rely on ad hoc or incomplete software supply chain controls increases the likelihood of rework during audits, delays in release cycles, and reputational exposure if a compromised artifact enters production.

How this compares to the alternatives

Unlike generic security training or vendor-specific tool courses, this program focuses exclusively on producing higher-quality, defensible software supply chain outputs using SLSA, a skill increasingly required in modern engineering organizations but rarely taught with concrete implementation detail.

Frequently asked

Is this course specific to any cloud provider or CI/CD platform?
No. The principles apply across environments. Examples are cloud-agnostic and focus on implementation patterns rather than platform-specific syntax.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Will I receive a certificate upon completion?
Yes. A certificate of completion is issued after finishing all modules and passing the final assessment.
$199 one-time. Approximately 3 hours per module, designed to be completed at your pace over 6-8 weeks with full access to all materials immediately upon enrollment..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours