Skip to main content
Image coming soon

GEN5182 Mastering SLSA for Software Integrity Engineers

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Mastering SLSA for Software Integrity Engineers

Build verifiable, production-grade software supply chain safeguards with precision and speed

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Most SLSA implementations stall in the gap between theory and working code, delays that slow down release cycles and erode trust.

The situation this course is for

Teams know SLSA is critical, but struggle to translate its controls into deployable, auditable configurations. The documentation is broad, the tooling fragmented, and the path from 'compliant in concept' to 'verified in production' is rarely linear. Without a clear playbook, even strong engineers waste days reconciling specs with CI/CD requirements, reworking attestations, or revalidating build steps, time that should be spent shipping securely.

Who this is for

Software integrity engineers, platform security leads, and DevSecOps practitioners in cloud-first organizations who need to implement SLSA Level 3+ controls with speed and precision.

Who this is not for

Engineers focused only on runtime security or network perimeter controls, or those without direct responsibility for build pipeline integrity or software attestation.

What you walk away with

  • Produce signed, verifiable SLSA attestations in under 48 hours
  • Confidently map SLSA controls to CI/CD pipeline stages
  • Deploy hardened, repeatable build environments aligned with SLSA Provenance
  • Reduce review cycles for compliance sign-off by 60%
  • Own end-to-end implementation from framework to production artifact

The 12 modules (with all 144 chapters)

Module 1. SLSA Framework Fundamentals
Establish a working understanding of SLSA levels, components, and core implementation patterns used by leading cloud platforms.
12 chapters in this module
  1. What SLSA solves that other frameworks don’t
  2. Breakdown of SLSA Level 1 vs Level 3 requirements
  3. Key roles in SLSA implementation
  4. Trusted artifacts vs trusted builds
  5. How SLSA integrates with software supply chain layers
  6. Common misconceptions about attestation
  7. Mapping SLSA to development lifecycle phases
  8. The role of determinism in build environments
  9. Understanding provenance in practice
  10. SLSA and zero-trust software delivery
  11. How regulators view SLSA compliance
  12. Common pitfalls in early adoption
Module 2. Build Environment Hardening
Secure the foundation of your SLSA compliance with locked-down, reproducible build systems.
12 chapters in this module
  1. Isolating build contexts
  2. Immutable container images
  3. Minimal base images for attestations
  4. Network lockdown during build
  5. Access control for build agents
  6. Time-bound build credentials
  7. Disabling interactive shells
  8. Enforcing non-root execution
  9. Binary provenance verification
  10. Build graph integrity checks
  11. Securing dependency ingestion
  12. Validating build entrypoints
Module 3. Attestation Generation Workflow
Automate the creation of signed, verifiable attestations tied to build outputs.
12 chapters in this module
  1. Signing with Keyless PKI
  2. Identity binding to attestations
  3. Using Fulcio and TUF
  4. Generating SLSA provenance
  5. Signing artifacts with Cosign
  6. Timestamping with Rekor
  7. Automating attestation in CI
  8. Validation pipeline triggers
  9. Attestation schema structure
  10. Provenance metadata fields
  11. Signing across multiple stages
  12. Re-signing on rebuild
Module 4. Provenance Validation Pipeline
Implement automated checks that verify SLSA compliance before deployment.
12 chapters in this module
  1. Parsing provenance files
  2. Validating signature chains
  3. Checking build environment integrity
  4. Verifying source repository links
  5. Enforcing level-specific controls
  6. Policy engine configuration
  7. Using Kyverno or OPA
  8. Integration with admission controllers
  9. Fail-fast on invalid attestations
  10. Audit trail for validation events
  11. Handling legacy component exceptions
  12. Automated remediation paths
Module 5. CI/CD Integration Strategy
Embed SLSA controls directly into development pipelines without slowing delivery.
12 chapters in this module
  1. Pipeline-as-code design
  2. Triggering attestation builds
  3. Parallel validation stages
  4. Caching with integrity
  5. Environment promotion gates
  6. Dependency pinning
  7. Build reproducibility checks
  8. Logging for compliance
  9. Monitoring attestation status
  10. Failover for signing services
  11. Scaling attestations across repos
  12. Managing secrets in CI
Module 6. Control Mapping to Frameworks
Align SLSA implementation with ISO 27001, NIST SSDF, and SOC 2 controls.
12 chapters in this module
  1. SLSA vs NIST SSDF mapping
  2. Crosswalk to ISO 27001 A.14 controls
  3. SOC 2 Trust Service Criteria alignment
  4. Mapping to CISA SSDF priorities
  5. GDPR data integrity implications
  6. Linking to SBOM generation
  7. Attestation as audit evidence
  8. Documenting control coverage
  9. Internal audit package assembly
  10. Third-party review preparation
  11. Evidence retention policies
  12. Automating compliance reporting
Module 7. Reproducible Build Design
Design deterministic builds that produce bit-for-bit identical outputs.
12 chapters in this module
  1. Deterministic file ordering
  2. Time normalization in builds
  3. User and group ID handling
  4. Locale and timezone settings
  5. Compiler flag consistency
  6. Dependency resolution ordering
  7. Random seed control
  8. Build path normalization
  9. Hashing strategies
  10. Comparing outputs across platforms
  11. Detecting non-reproducible steps
  12. Fixing common reproducibility breaks
Module 8. Signing Infrastructure Setup
Deploy scalable, keyless signing infrastructure for team-wide attestation.
12 chapters in this module
  1. Keyless vs key-based signing
  2. Integrating with OIDC providers
  3. Identity federation setup
  4. Workload identity configuration
  5. Setting up signing authorities
  6. Certificate chain validation
  7. Short-lived key rotation
  8. Signing request rate limits
  9. High availability for signers
  10. Monitoring signing throughput
  11. Alerting on signing failures
  12. Audit logging for signer access
Module 9. SLSA Level 3 Implementation
Achieve end-to-end compliance with SLSA Level 3 requirements in production systems.
12 chapters in this module
  1. Level 3 build environment criteria
  2. Build platform isolation
  3. Authenticated entrypoints
  4. Controlled dependency ingestion
  5. Hardened CI runners
  6. Build graph completeness
  7. Provenance completeness
  8. Signing policy enforcement
  9. Automated rebuild capability
  10. Verifiable rebuild triggers
  11. Immutable logs for builds
  12. Third-party auditor access setup
Module 10. Internal Audit & Verification
Prepare for compliance reviews with complete, verifiable documentation.
12 chapters in this module
  1. Attestation storage strategy
  2. Versioned policy documents
  3. Control implementation logs
  4. Audit trail completeness
  5. Reviewer access provisioning
  6. Automated evidence collection
  7. Gap assessment templates
  8. Remediation tracking workflow
  9. Cross-team validation
  10. Leadership reporting pack
  11. External auditor handoff
  12. Continuous verification cycle
Module 11. Scaling Across Repositories
Extend SLSA compliance across multiple teams and codebases without duplication.
12 chapters in this module
  1. Template-driven setup
  2. Centralized signing service
  3. Policy-as-code deployment
  4. Automated onboarding flow
  5. Role-based access to attestations
  6. Cross-repo dependency tracking
  7. Standardized metadata schema
  8. Shared build environments
  9. Monitoring compliance drift
  10. Reporting across units
  11. Automated non-compliance alerts
  12. Versioning framework updates
Module 12. Sustained Compliance Operations
Maintain SLSA compliance through updates, team changes, and infrastructure shifts.
12 chapters in this module
  1. Change control for build pipelines
  2. Attestation versioning
  3. Handling deprecated tooling
  4. Team onboarding for SLSA
  5. Incident response with attestations
  6. Disaster recovery planning
  7. Backup of signing keys
  8. Rotation of identity providers
  9. Updating policy documents
  10. External audit readiness
  11. Continuous control monitoring
  12. Year-over-year compliance tracking

How this maps to your situation

  • When starting a new SLSA implementation
  • During compliance audit prep
  • Before platform-wide rollout
  • After security incident review

Before vs. after

Before
SLSA deployment takes weeks of manual mapping, rework, and cross-team coordination, with frequent validation failures and audit gaps.
After
You ship compliant, attested builds in days, with automated validation, clear control mappings, and documentation ready for internal or external review.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 18 hours of focused work, designed to be completed in parallel with active implementation cycles.

If nothing changes
Without structured implementation, SLSA efforts remain partial or fragile, leaving software supply chains exposed to compromise, delaying audits, and increasing operational overhead when compliance is challenged.

How this compares to the alternatives

Unlike generic SLSA overviews or vendor-specific tutorials, this course delivers a complete, role-specific implementation system, combining framework mastery, CI/CD integration patterns, and verifiable artefact generation tailored to software integrity engineers.

Frequently asked

Who is this course for?
Software integrity engineers, platform security leads, and DevSecOps practitioners implementing SLSA in production environments.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Can I apply this to non-Google ecosystems?
Yes. The course is platform-agnostic and applies SLSA principles across CI/CD systems including GitHub Actions, GitLab CI, Jenkins, and custom pipelines.
$199 one-time. Approximately 18 hours of focused work, designed to be completed in parallel with active implementation cycles..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours