Skip to main content
Image coming soon

MFG5077 Mastering SLSA for Software Supply Chain Governance Practitioners

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Mastering SLSA for Software Supply Chain Governance Practitioners

Build a compounding library of verifiable software attestations and reusable compliance artefacts across projects

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Starting from zero every time slows delivery and dilutes impact

The situation this course is for

Even skilled practitioners waste cycles recreating attestations, policy mappings, and compliance checks for each project. Without a growing library of trusted assets, work stays transactional and hard to scale.

Who this is for

Senior software engineer or governance practitioner shaping secure, compliant software delivery pipelines in high-trust environments

Who this is not for

Those seeking introductory overviews or unrelated to software supply chain controls

What you walk away with

  • Produce signed SLSA-level software attestations aligned with internal and external requirements
  • Build a personal repository of reusable policy mappings and framework crosswalks for SOC 2, ISO 27001, and NIST CSF
  • Reduce repeat effort in compliance reviews by 60% using prior artefacts as living templates
  • Gain influence in cross-team delivery forums by bringing proven, auditable documentation forward
  • Ship verifiable software supply chain evidence faster in response to partner or auditor requests

The 12 modules (with all 144 chapters)

Module 1. Understanding SLSA Framework Tiers
Break down SLSA levels 1 through 4 with real-world examples from cloud-native software supply chains.
12 chapters in this module
  1. Definition of SLSA
  2. Tier 1: Basic provenance
  3. Tier 2: Build integrity
  4. Tier 3: Verifiable builds
  5. Tier 4: Two-person review
  6. Build metadata structure
  7. SLSA Provenance spec v0.2
  8. Attestation signing workflows
  9. Example: OpenSSF projects
  10. Tier mapping to risk
  11. Vendor SLSA compliance
  12. Internal tier alignment
Module 2. Generating Reusable Provenance Attestations
Create signed build records that persist across teams and audits, reducing re-verification overhead.
12 chapters in this module
  1. Provenance payload structure
  2. Signing with keyless systems
  3. Integrating with CI/CD
  4. Automated provenance generation
  5. Standardizing output format
  6. Versioning attestations
  7. Storage and retrieval
  8. Cross-project reuse
  9. Metadata enrichment
  10. Audit trail linkage
  11. Tooling: Tekton Chains
  12. Template: Attestation manifest
Module 3. Mapping SLSA to Compliance Frameworks
Translate SLSA controls into SOC 2, ISO 27001, and NIST CSF requirements efficiently.
12 chapters in this module
  1. SOC 2 control mapping
  2. Provenance as evidence
  3. ISO 27001 A.12.6
  4. NIST CSF PR.DS-6
  5. Crosswalk documentation
  6. Compliance playbook structure
  7. Reusability principles
  8. Framework update tracking
  9. Audit preparation shortcuts
  10. Control overlap analysis
  11. Template: Control matrix
  12. Case study: Vendor review
Module 4. Building a Personal Artefact Library
Organize templates, attestations, and crosswalks to compound knowledge across engagements.
12 chapters in this module
  1. Repository structure
  2. Version control strategy
  3. Tagging for reuse
  4. Searchable metadata
  5. Access controls
  6. Change management
  7. Integration with team wiki
  8. Retention policies
  9. Export formats
  10. Cross-project borrowing
  11. Template: Folder hierarchy
  12. Case: Onboarding new teams
Module 5. Policy Design for Repeatable Enforcement
Write internal SLSA policies that scale across teams and reduce governance overhead.
12 chapters in this module
  1. Defining policy scope
  2. Tier adoption roadmap
  3. Enforcement tooling
  4. Policy as code
  5. Automated checks
  6. Human review triggers
  7. Exception handling
  8. Versioning process
  9. Stakeholder alignment
  10. Communication plan
  11. Template: Policy doc
  12. Example: CI pipeline gate
Module 6. SLSA Integration with SBOM Workflows
Link software attestations with SBOM generation to create holistic supply chain visibility.
12 chapters in this module
  1. SBOM format standards
  2. CycloneDX integration
  3. SPDX compatibility
  4. Attestation linkage
  5. Build-to-SBOM flow
  6. Validation checks
  7. Dependency provenance
  8. Tooling: Syft and Grype
  9. Automation pipeline
  10. Audit use cases
  11. Template: SBOM envelope
  12. Case: Partner audit request
Module 7. Cross-Functional Collaboration Patterns
Lead alignment between security, engineering, and compliance teams using standardized SLSA outputs.
12 chapters in this module
  1. Stakeholder mapping
  2. Governance forum role
  3. Evidence sharing
  4. Standardized reporting
  5. Escalation paths
  6. Feedback loops
  7. Metrics for success
  8. Trust building
  9. Conflict resolution
  10. Communication cadence
  11. Template: Status report
  12. Case: Incident response
Module 8. Automating Compliance Artefact Generation
Reduce manual effort by generating compliant documentation directly from build pipelines.
12 chapters in this module
  1. CI/CD integration
  2. Auto-generating templates
  3. Evidence packaging
  4. Versioned artefacts
  5. Approval workflows
  6. Audit readiness
  7. Tooling: Open Policy Agent
  8. Policy evaluation
  9. Reporting layer
  10. Human-in-the-loop
  11. Template: Auto-generated memo
  12. Case: Audit prep
Module 9. Maintaining Artefact Relevance Over Time
Keep your library updated as frameworks, tooling, and team needs evolve.
12 chapters in this module
  1. Change detection
  2. Update triggers
  3. Review cycles
  4. Version comparisons
  5. Deprecation process
  6. Stakeholder notification
  7. Backward compatibility
  8. Migration planning
  9. Archiving old versions
  10. Knowledge transfer
  11. Template: Update log
  12. Case: Framework upgrade
Module 10. Scaling Reuse Across Teams
Expand the value of individual artefacts into team-wide and org-wide practices.
12 chapters in this module
  1. Sharing model
  2. Governance model
  3. Feedback collection
  4. Adoption metrics
  5. Training materials
  6. Internal advocacy
  7. Community building
  8. Standards committees
  9. Template adoption
  10. Success stories
  11. Template: Rollout plan
  12. Case: Multi-team rollout
Module 11. Responding to Audit Requests with Confidence
Use pre-built, verifiable artefacts to answer auditor queries quickly and authoritatively.
12 chapters in this module
  1. Auditor expectations
  2. Documentation structure
  3. Response templates
  4. Evidence packaging
  5. Internal review
  6. Version traceability
  7. Attestation chaining
  8. Timeline alignment
  9. Cross-framework mapping
  10. Rehearsal process
  11. Template: Audit response
  12. Case: Third-party review
Module 12. Continuous Improvement of the Artefact Library
Refine and expand your compounding asset base using real-world delivery feedback.
12 chapters in this module
  1. Feedback integration
  2. Gap analysis
  3. Template refinement
  4. Tooling updates
  5. User surveys
  6. Performance metrics
  7. Iteration planning
  8. Knowledge capture
  9. Lessons learned
  10. Version roadmap
  11. Template: Improvement log
  12. Case: Year-over-year evolution

How this maps to your situation

  • New project initiation
  • Cross-team delivery alignment
  • Audit or partner review
  • Framework update or policy refresh

Before vs. after

Before
Starting from scratch on each software delivery engagement, recreating attestations and compliance mappings.
After
Leveraging a growing library of proven, reusable assets to accelerate delivery and deepen trust across stakeholders.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 3 hours per module, with flexibility to engage at your own pace.

If nothing changes
Without a compounding asset strategy, practitioners remain stuck in reactive, transactional work, limiting strategic influence and increasing rework across the software lifecycle.

How this compares to the alternatives

Unlike generic compliance courses, this program focuses on building tangible, reusable artefacts within the SLSA framework, specifically designed for practitioners shaping secure software delivery.

Frequently asked

Is this course about SLSA implementation only, or broader supply chain security?
It centers on SLSA as a foundation but teaches how to extend its outputs into broader governance and compliance contexts.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Can I apply the templates across different teams or organizations?
Yes, artefacts are designed for portability and reuse, with customization guidance included.
$199 one-time. Approximately 3 hours per module, with flexibility to engage at your own pace..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours