Skip to main content
Image coming soon

GEN6815 Mastering SLSA for Site Reliability Engineers

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Mastering SLSA for Site Reliability Engineers

Build supply chain integrity with confidence and precision

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Struggling to prioritize which security frameworks to deepen?

The situation this course is for

Many SREs are pulled in multiple directions, operational stability, audit readiness, incident response, without a clear path to own proactive security architecture. The result is reactive compliance and missed opportunities to lead.

Who this is for

Senior Site Reliability Engineer working in a high-velocity, cloud-native environment with growing responsibility for software supply chain integrity and platform security.

Who this is not for

This is not for junior engineers looking for introductory security training, nor for leaders seeking board-level talking points. It’s for hands-on practitioners ready to lead implementation.

What you walk away with

  • Architect SLSA-compliant pipelines tailored to service-critical workloads
  • Evaluate and select tooling with confidence using standardized scoring rubrics
  • Produce auditable attestations that reduce review cycles by 50%
  • Lead vendor integration decisions with clear, enforceable criteria
  • Demonstrate measurable progress from Level 1 to Level 4 SLSA compliance

The 12 modules (with all 144 chapters)

Module 1. SLSA Fundamentals and the Zero Trust Supply Chain
Establish core definitions, threat models, and the evolution from CI/CD security to SLSA-based integrity. Learn how Google, Atlassian, and the U.S. government are applying SLSA to reduce compromise risk in production.
12 chapters in this module
  1. What SLSA solves that other controls miss
  2. The four SLSA levels and what they mean
  3. Mapping SLSA to existing CI/CD pipelines
  4. Understanding tiered artifact signing
  5. Provenance and how it closes trust gaps
  6. When to apply SLSA vs. SBOM alone
  7. Role of attestations in audit trails
  8. Key stakeholders in implementation
  9. Common misconceptions about SLSA
  10. How open source projects adopt SLSA
  11. Integrating SLSA into incident response
  12. Tools that support SLSA natively
Module 2. Designing SLSA Level 1 Compliant Workflows
Implement baseline controls for source integrity, build process logging, and artifact signing. Create templates that scale across teams with minimal overhead.
12 chapters in this module
  1. Defining source repository controls
  2. Versioning source code traces
  3. Build metadata capture
  4. Basic provenance requirements
  5. Artifact signing with minified toolchains
  6. Storing builds in trusted registries
  7. Automating SLSA Level 1 checks
  8. Integrating with GitHub Actions
  9. Using Tekton for audit trails
  10. Validating with slsa-verifier
  11. Documentation for auditors
  12. Common Level 1 gaps
Module 3. Achieving SLSA Level 2 with Isolated Builds
Move beyond logging to isolation and verification. Configure build environments that prevent unauthorized changes and ensure reproducibility.
12 chapters in this module
  1. Why isolation matters at Level 2
  2. Containerizing build environments
  3. Immutable build definitions
  4. Verified environment toolchains
  5. Time-bound build windows
  6. Build reproducibility testing
  7. Using remote signing services
  8. Attestations with timestamping
  9. Cross-team synchronization
  10. Audit trail completeness
  11. Tooling choices: Tekton vs. Cloud Build
  12. Validation automation
Module 4. SLSA Level 3: Reusable and Reproducible Builds
Achieve high confidence in build integrity through full reproducibility and centralized control. Enable platform-wide reuse of trusted templates.
12 chapters in this module
  1. Defining reproducible build standards
  2. Container image base hardening
  3. Deterministic build flags
  4. Stable dependency resolution
  5. Persistent build service identity
  6. Signed build templates
  7. Golden pipeline pattern
  8. Cross-project reuse strategies
  9. Version-controlled build configs
  10. Testing for drift detection
  11. Automated rebuild triggers
  12. Audit readiness at scale
Module 5. SLSA Level 4: Fully Reproducible and Verified Builds
Implement the highest tier with dual independent builds and cryptographic verification. Prepare for regulatory and customer demands.
12 chapters in this module
  1. Dual build requirement explained
  2. Geographically distributed builds
  3. Independent toolchain validation
  4. Cryptographic rebuild matching
  5. Threshold signing schemes
  6. Time-locked attestation windows
  7. Third-party verification integration
  8. Customer-facing compliance packages
  9. Handling rebuild failures
  10. Automation for continuous verification
  11. Scaling across product lines
  12. Roadmap to full production rollout
Module 6. Attestations and Provenance in Practice
Generate, store, and verify machine-readable claims about software origin. Use in-house and open source tooling effectively.
12 chapters in this module
  1. What belongs in an attestation
  2. Using in-toto statements
  3. SLSA provenance format
  4. Storing attestations in transparency logs
  5. Verifying against public sources
  6. Automated policy checks
  7. Integrating with vulnerability scanners
  8. Handling expired attestations
  9. Multi-region attestation strategies
  10. Attestation lifecycle
  11. Tooling: Sigstore, Fulcio, Rekor
  12. Performance at scale
Module 7. Integrating with Existing CI/CD Systems
Adapt Jenkins, GitLab, and GitHub workflows to meet SLSA standards without sacrificing velocity.
12 chapters in this module
  1. CI/CD security maturity model
  2. Mapping pipeline stages to SLSA
  3. Pre-commit security checks
  4. Build environment hygiene
  5. Secrets management integration
  6. Approval gates for promotion
  7. Parallel testing with attestations
  8. Failure handling and rollback
  9. Monitoring SLSA compliance
  10. Alerting on non-compliant builds
  11. Versioning pipeline definitions
  12. Audit trail integration
Module 8. Vendor and Third-Party Software Assurance
Assess vendor compliance using SLSA, demand attestations, and build verification into procurement decisions.
12 chapters in this module
  1. Why third-party risk is rising
  2. Requesting SLSA attestations
  3. Validating vendor-provided data
  4. Minimum acceptable levels
  5. Scoring vendor maturity
  6. Contractual language suggestions
  7. Building a preferred vendor list
  8. Onboarding process updates
  9. Handling non-compliant vendors
  10. Customer assurance packages
  11. Cross-industry benchmarks
  12. Enabling customer verification
Module 9. Auditing and Continuous Compliance
Create living compliance that evolves with the system. Shift from periodic audits to continuous validation.
12 chapters in this module
  1. Defining continuous audit scope
  2. Automated evidence collection
  3. Policy-as-code for SLSA
  4. Alerting on compliance drift
  5. Preparing for external audits
  6. Generating auditor-ready reports
  7. Evidence retention policies
  8. Cross-team visibility
  9. Versioning audit logic
  10. Reducing auditor follow-ups
  11. Integrating with risk registers
  12. Audit cycle optimization
Module 10. Scaling SLSA Across Teams and Products
Drive adoption without mandates. Use templates, tooling, and peer influence to amplify impact.
12 chapters in this module
  1. Identifying early adopter teams
  2. Creating standardized templates
  3. Internal documentation hubs
  4. Peer review workflows
  5. Training champions
  6. Metrics that prove value
  7. Reducing cognitive load
  8. Self-service sign-up
  9. Feedback loops with engineering
  10. Handling resistance
  11. Scaling tooling infrastructure
  12. Governance without gatekeeping
Module 11. SLSA and SBOM: Integrating the Ecosystem
Combine SLSA with Software Bill of Materials for comprehensive software transparency.
12 chapters in this module
  1. How SBOM complements SLSA
  2. Generating SBOMs in pipelines
  3. Signing SBOMs with SLSA
  4. Vulnerability disclosure coordination
  5. Verifying dependency provenance
  6. Linking SBOM to attestations
  7. Tooling: Syft, Grype, CycloneDX
  8. Standard formats and interoperability
  9. Customer-facing transparency
  10. SBOM for incident response
  11. Regulatory expectations
  12. Future of software transparency
Module 12. Leading the Shift to Secure Supply Chains
Position yourself as the go-to practitioner for secure software delivery. Turn expertise into influence.
12 chapters in this module
  1. Building internal credibility
  2. Communicating value to leadership
  3. Writing internal RFPs
  4. Influencing architecture boards
  5. Shaping procurement policy
  6. Presenting at engineering forums
  7. Mentoring junior engineers
  8. Contributing to open source
  9. Sharing metrics responsibly
  10. Balancing security and velocity
  11. Defining career growth paths
  12. Owning the roadmap

How this maps to your situation

  • After a security audit revealed gaps in build provenance
  • Before onboarding a new vendor requiring SLSA Level 3
  • When scaling CI/CD pipelines across global teams
  • During planning for ISO 27001 or SOC 2 integration

Before vs. after

Before
Reactive, fragmented efforts to meet compliance demands without clear ownership or repeatable processes.
After
Proactive leadership on supply chain integrity with structured, auditable, and scalable implementation.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 3 hours per module, designed to fit around production cycles and on-call rotations.

If nothing changes
Without structured SLSA adoption, organizations face increasing audit friction, vendor pushback, and customer distrust, especially in regulated and cloud-native markets.

How this compares to the alternatives

Unlike generic DevSecOps courses, this program delivers exact implementation steps for SLSA levels, with templates and decision frameworks used in actual platform teams at scale.

Frequently asked

Is this course suitable for someone already using SBOMs?
Yes. This course builds on SBOM knowledge and shows how to layer SLSA for stronger assurance and verification.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Can I apply this in a hybrid cloud environment?
Yes. The course includes examples from multi-cloud and hybrid deployments, with focus on consistent controls.
$199 one-time. Approximately 3 hours per module, designed to fit around production cycles and on-call rotations..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours