A tailored course, built for your situation
Become the go-to practitioner for SLSA adoption in your organisation
The structured way to lead SLSA integration with confidence and visibility
The situation this course is for
Strong ideas on software integrity get ignored without positional authority or repeatable methods
Who this is for
Senior product practitioner driving secure developer workflows
Who this is not for
Entry-level contributors, compliance auditors, or those without influence across engineering teams
What you walk away with
- Trusted reference for SLSA design decisions across teams
- Repeatable templates for SLSA Level 2+ implementation
- Precedent library with real-world build integrity examples
- Internal advocacy playbook for overcoming adoption friction
- Recognition as the primary contributor to secure supply chain standards
The 12 modules (with all 144 chapters)
- What SLSA solves in practice
- Tier 1 vs Tier 2 distinctions
- Build vs source integrity
- Provenance metadata essentials
- The role of attestations
- SLSA vs SBOM overlap
- Key stakeholders in adoption
- Common misinterpretations
- Mapping SLSA to CI/CD
- First-party vs third-party builds
- Human factors in compliance
- Toolchain expectations
- CI pipeline hygiene standards
- Build platform trust chains
- Immutable build logs
- Non-forgeable timestamps
- Access control boundaries
- Separation of duties setup
- Reproducibility thresholds
- Container build tracking
- Branch protection alignment
- Approval gate integration
- Audit trail completeness
- Developer onboarding flow
- Attestation schema breakdown
- Signing with Fulcio
- Timestamping via Rekor
- Attestation storage patterns
- Retrieval during audits
- Human vs machine attestation
- CI job context inclusion
- Provenance data fields
- JSON structure norms
- Signing key management
- Verification automation
- Supporting tooling
- Assessing current maturity
- Tier 1 quick wins
- Tier 2 readiness checklist
- Build environment hardening
- Source repository integrity
- Author verification methods
- Log integrity protection
- Preventing tampering
- Independent verification
- Policy enforcement tools
- Achieving reproducibility
- Automating compliance checks
- Framing for engineering leads
- Risk language that lands
- Speed vs security balance
- Executive summary templates
- Peer-level persuasion tactics
- Objection handling scripts
- Use case packaging
- Internal evangelism paths
- Success metric definition
- Storytelling with data
- Building coalition support
- Sustaining momentum
- SLSA and SBOM overlap points
- SPDX compatibility
- CycloneDX integration
- Attestation embedding
- Dependency provenance
- Component-level verification
- Automated SBOM generation
- Linking build to package
- Validation during deployment
- Security review triggers
- Audit preparation uses
- Cross-toolchain flow
- Build platform ownership
- Immutable OS images
- Network isolation
- Secrets management
- Build container security
- Host integrity checks
- Remote attestation
- Zero-trust principles
- Build worker identity
- Audit logging depth
- Tamper-evident storage
- Recovery from compromise
- Assessing vendor SLSA claims
- Attestation verification steps
- Trusted repository patterns
- Rekor log lookup
- Signing key validation
- Provenance data review
- Tier achievement confirmation
- Gap identification
- Remediation workflows
- Vendor engagement templates
- Escalation thresholds
- Reporting upstream issues
- Policy scoping
- Enforceability criteria
- Alignment with NIST SSDF
- Versioning practices
- Team-specific exceptions
- Compliance evidence types
- Automated policy checks
- Audit readiness planning
- Executive sign-off process
- Training obligations
- Documentation standards
- Review cycles
- Stakeholder mapping
- Champion network setup
- Pilot project selection
- Feedback loops
- Scaling lessons
- Team-specific onboarding
- Toolchain integration
- Progress tracking
- Incentive alignment
- Conflict resolution
- Governance committee role
- Sustainability planning
- Evidence collection checklist
- Attestation archives
- Build log retention
- Provenance storage
- Access control logs
- Third-party verification records
- Policy adherence proof
- Remediation history
- Timeline reconstruction
- Q&A preparation
- Internal dry runs
- External auditor expectations
- Change impact analysis
- Version upgrade planning
- Toolchain evolution
- Threat landscape updates
- Policy refresh cycles
- Team turnover onboarding
- Automation maintenance
- Incident response integration
- External standard alignment
- Feedback integration
- Metrics refinement
- Leadership reporting
How this maps to your situation
- Leading internal SLSA adoption
- Designing secure CI/CD pipelines
- Advocating for stronger supply chain standards
- Preparing for security audits
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 60 minutes per week over 12 weeks, designed to fit around core responsibilities
How this compares to the alternatives
Unlike generic security courses, this program delivers specific, actionable frameworks for SLSA implementation, tested in real product-led engineering environments.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.