A tailored course, built for your situation
Mastering SLSA for Software Supply Chain Governance Practitioners
Build a compounding library of verifiable software attestations and reusable compliance artefacts across projects
The situation this course is for
Even skilled practitioners waste cycles recreating attestations, policy mappings, and compliance checks for each project. Without a growing library of trusted assets, work stays transactional and hard to scale.
Who this is for
Senior software engineer or governance practitioner shaping secure, compliant software delivery pipelines in high-trust environments
Who this is not for
Those seeking introductory overviews or unrelated to software supply chain controls
What you walk away with
- Produce signed SLSA-level software attestations aligned with internal and external requirements
- Build a personal repository of reusable policy mappings and framework crosswalks for SOC 2, ISO 27001, and NIST CSF
- Reduce repeat effort in compliance reviews by 60% using prior artefacts as living templates
- Gain influence in cross-team delivery forums by bringing proven, auditable documentation forward
- Ship verifiable software supply chain evidence faster in response to partner or auditor requests
The 12 modules (with all 144 chapters)
- Definition of SLSA
- Tier 1: Basic provenance
- Tier 2: Build integrity
- Tier 3: Verifiable builds
- Tier 4: Two-person review
- Build metadata structure
- SLSA Provenance spec v0.2
- Attestation signing workflows
- Example: OpenSSF projects
- Tier mapping to risk
- Vendor SLSA compliance
- Internal tier alignment
- Provenance payload structure
- Signing with keyless systems
- Integrating with CI/CD
- Automated provenance generation
- Standardizing output format
- Versioning attestations
- Storage and retrieval
- Cross-project reuse
- Metadata enrichment
- Audit trail linkage
- Tooling: Tekton Chains
- Template: Attestation manifest
- SOC 2 control mapping
- Provenance as evidence
- ISO 27001 A.12.6
- NIST CSF PR.DS-6
- Crosswalk documentation
- Compliance playbook structure
- Reusability principles
- Framework update tracking
- Audit preparation shortcuts
- Control overlap analysis
- Template: Control matrix
- Case study: Vendor review
- Repository structure
- Version control strategy
- Tagging for reuse
- Searchable metadata
- Access controls
- Change management
- Integration with team wiki
- Retention policies
- Export formats
- Cross-project borrowing
- Template: Folder hierarchy
- Case: Onboarding new teams
- Defining policy scope
- Tier adoption roadmap
- Enforcement tooling
- Policy as code
- Automated checks
- Human review triggers
- Exception handling
- Versioning process
- Stakeholder alignment
- Communication plan
- Template: Policy doc
- Example: CI pipeline gate
- SBOM format standards
- CycloneDX integration
- SPDX compatibility
- Attestation linkage
- Build-to-SBOM flow
- Validation checks
- Dependency provenance
- Tooling: Syft and Grype
- Automation pipeline
- Audit use cases
- Template: SBOM envelope
- Case: Partner audit request
- Stakeholder mapping
- Governance forum role
- Evidence sharing
- Standardized reporting
- Escalation paths
- Feedback loops
- Metrics for success
- Trust building
- Conflict resolution
- Communication cadence
- Template: Status report
- Case: Incident response
- CI/CD integration
- Auto-generating templates
- Evidence packaging
- Versioned artefacts
- Approval workflows
- Audit readiness
- Tooling: Open Policy Agent
- Policy evaluation
- Reporting layer
- Human-in-the-loop
- Template: Auto-generated memo
- Case: Audit prep
- Change detection
- Update triggers
- Review cycles
- Version comparisons
- Deprecation process
- Stakeholder notification
- Backward compatibility
- Migration planning
- Archiving old versions
- Knowledge transfer
- Template: Update log
- Case: Framework upgrade
- Sharing model
- Governance model
- Feedback collection
- Adoption metrics
- Training materials
- Internal advocacy
- Community building
- Standards committees
- Template adoption
- Success stories
- Template: Rollout plan
- Case: Multi-team rollout
- Auditor expectations
- Documentation structure
- Response templates
- Evidence packaging
- Internal review
- Version traceability
- Attestation chaining
- Timeline alignment
- Cross-framework mapping
- Rehearsal process
- Template: Audit response
- Case: Third-party review
- Feedback integration
- Gap analysis
- Template refinement
- Tooling updates
- User surveys
- Performance metrics
- Iteration planning
- Knowledge capture
- Lessons learned
- Version roadmap
- Template: Improvement log
- Case: Year-over-year evolution
How this maps to your situation
- New project initiation
- Cross-team delivery alignment
- Audit or partner review
- Framework update or policy refresh
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 3 hours per module, with flexibility to engage at your own pace.
How this compares to the alternatives
Unlike generic compliance courses, this program focuses on building tangible, reusable artefacts within the SLSA framework, specifically designed for practitioners shaping secure software delivery.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.