Skip to main content
Image coming soon

Standing Reference on SLSA for Engineering Leaders

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Standing Reference on SLSA for Engineering Leaders

Become the internal authority on secure software supply chain frameworks others consult first

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.

Who this is for

Engineering-adjacent program leader in a high-velocity software org, trusted across teams but not formally in security or architecture

Who this is not for

Dedicated software supply chain security engineers who already own SLSA rollout, or ICs focused exclusively on tooling configuration

What you walk away with

  • Recognized as the first internal name for SLSA interpretation and application
  • Proven templates to implement SLSA levels 1-4 across diverse build environments
  • Internal credibility to guide engineering teams without being in their chain of command
  • Documented framework for evaluating build integrity claims from vendors and open-source projects
  • Repeatable process to align security, engineering, and product on SLSA adoption milestones

The 12 modules (with all 144 chapters)

Module 1. SLSA Fundamentals and Real-World Adoption Patterns
Understand why SLSA is gaining traction across cloud-native environments, with specific examples from large-scale software delivery organizations. Learn how maturity differs from theoretical compliance.
12 chapters in this module
  1. Origins of SLSA at Google
  2. Why not SBOMs alone suffice
  3. Key stakeholders in adoption
  4. Level 1 vs Level 4 scope
  5. How Atlassian teams approach build integrity
  6. Common missteps in rollout
  7. Vendor pressure points
  8. Open source project readiness
  9. Internal resistance patterns
  10. Executive questions to anticipate
  11. Mapping to NIST SSDF
  12. First-mover advantage cases
Module 2. Provenance Deep Dive
Master the technical and procedural foundations of provenance in SLSA, focusing on build systems and artifact attestation. Gain confidence in evaluating claims.
12 chapters in this module
  1. What provenance really means
  2. Build platform requirements
  3. Attestation formats compared
  4. Signing pipeline outputs
  5. Timestamp authority role
  6. Verifying third-party claims
  7. Internal logging standards
  8. Toolchain integration points
  9. K8s-native build setups
  10. CI system audit trails
  11. Evidence collection workflow
  12. Common gaps in attestation
Module 3. Build Integrity Assurance
Ensure builds are reproducible and tamper-evident. Learn how to validate environment integrity and enforce controls across CI workflows.
12 chapters in this module
  1. Reproducibility reality check
  2. Docker layer hashing
  3. Base image provenance
  4. Controlled build environments
  5. Secrets in pipeline protection
  6. Vulnerability scanning triggers
  7. Binary transparency logs
  8. Build metadata completeness
  9. Container signing workflows
  10. Time-bound build validity
  11. Rebuild validation timing
  12. Audit trail completeness
Module 4. Source Authenticity and Protection
Secure the earliest link in the chain: source control. Implement policies that ensure only authorized changes enter the pipeline.
12 chapters in this module
  1. Git history integrity
  2. Signed commits at scale
  3. Branch protection rules
  4. PR approval chains
  5. Automated gate enforcement
  6. Emergency bypass logging
  7. Fork protection patterns
  8. Monorepo vs polyrepo trade-offs
  9. Code ownership validation
  10. Reviewer authority levels
  11. Audit-ready history logs
  12. Supply chain hijacking examples
Module 5. SLSA Level Mapping and Progression
Guide teams through realistic level progression. Understand what each level requires in practice, not just on paper.
12 chapters in this module
  1. Level 1 as entry point
  2. Level 2 timestamp requirements
  3. Level 3 attestation depth
  4. Level 4 build redundancy
  5. Team readiness assessment
  6. Tooling maturity benchmarks
  7. Cross-org coordination needs
  8. Security review gates
  9. Documentation expectations
  10. External validation prep
  11. Internal certification process
  12. Roadmap alignment techniques
Module 6. Integrating SLSA with Existing CI/CD
Adapt SLSA to existing pipelines without halting delivery. Learn where to start and what to prioritize.
12 chapters in this module
  1. CI system compatibility
  2. Jenkins plugin ecosystem
  3. GitHub Actions integration
  4. GitLab CI enhancements
  5. Buildkite adaptability
  6. Argo Workflows support
  7. Monitoring integration points
  8. Failure mode detection
  9. Rollback preparedness
  10. Significance of uptime logs
  11. Pipeline observability
  12. Alerting on attestation gaps
Module 7. Vendor and Third-Party SLSA Assessment
Evaluate external partners using SLSA as a benchmark. Gain leverage in procurement and integration decisions.
12 chapters in this module
  1. Requesting SLSA attestations
  2. Validating provided proofs
  3. Gaps in vendor documentation
  4. Escalation paths for non-compliance
  5. Minimum bar for onboarding
  6. Open source library evaluation
  7. Transitive dependency risks
  8. SBOM correlation with SLSA
  9. Third-party audit reports
  10. Certification reciprocity
  11. Contractual obligations
  12. Liability implications
Module 8. Internal Advocacy and Change Management
Lead SLSA adoption without formal authority. Build coalitions and overcome inertia using proven influence tactics.
12 chapters in this module
  1. Identifying early adopters
  2. Engineering team motivations
  3. Security team alignment
  4. Product manager incentives
  5. Leadership messaging
  6. Pilot project selection
  7. Success metric definition
  8. Feedback loop design
  9. Documentation ownership
  10. Training rollout timing
  11. Champion network growth
  12. Metrics for buy-in
Module 9. Policy Design for SLSA Compliance
Write policies that stick. Translate framework requirements into enforceable, maintainable standards.
12 chapters in this module
  1. Policy scope definition
  2. Enforceable vs aspirational
  3. Version control for policies
  4. Review cycle cadence
  5. Exception handling process
  6. Automated compliance checks
  7. Staged rollout plans
  8. Metrics for adherence
  9. Audit trail requirements
  10. Stakeholder sign-off
  11. Legal team alignment
  12. Policy decomposition patterns
Module 10. Auditing and Continuous Verification
Design audit processes that verify SLSA compliance without slowing delivery. Focus on automation and repeatable checks.
12 chapters in this module
  1. Audit scope planning
  2. Sampling vs full verification
  3. Automated attestation checks
  4. Log retention policies
  5. Incident response triggers
  6. Tooling for continuous check
  7. False positive handling
  8. Remediation workflows
  9. Audit report templates
  10. Stakeholder distribution
  11. Regulatory alignment
  12. Lessons from real audits
Module 11. Scaling SLSA Across Teams
Extend SLSA adoption beyond pilot teams. Manage complexity and ensure consistency without central bottleneck.
12 chapters in this module
  1. Center of excellence model
  2. Internal training design
  3. Template sharing patterns
  4. Cross-team sync meetings
  5. Standardization vs flexibility
  6. Ownership model options
  7. Knowledge transfer workflows
  8. Support channel structure
  9. Metrics for scale
  10. Tooling standardization
  11. Documentation portals
  12. Lessons from early adopters
Module 12. Future-Proofing and Framework Evolution
Stay ahead of changes in SLSA and related standards. Position yourself as the long-term steward of supply chain security.
12 chapters in this module
  1. SLSA roadmap awareness
  2. NIST SSDF alignment
  3. CISA guidance updates
  4. Industry working groups
  5. OpenSSF contributions
  6. Version transition planning
  7. Deprecation timelines
  8. Feedback to maintainers
  9. Alternative frameworks
  10. Insurance requirement trends
  11. Legal precedent tracking
  12. Adaptation playbooks

How this maps to your situation

  • When engineering teams resist new build constraints
  • Before vendor software is approved for integration
  • During security audit prep cycles
  • After a supply chain incident elsewhere in the sector

Before vs. after

Before
SLSA discussions feel fragmented, with unclear ownership and inconsistent application across teams.
After
You're the recognized practitioner others turn to for guidance, with a documented approach that scales across contexts.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 3 hours per module, designed for integration into real-world delivery cycles.

If nothing changes
Without structured knowledge, SLSA efforts remain ad hoc, limiting influence and leaving gaps in supply chain assurance just as scrutiny increases.

How this compares to the alternatives

Unlike generic compliance courses, this focuses on practitioner-level SLSA application with templates and decision frameworks you can use immediately in engineering environments.

Frequently asked

Is this course technical?
It's designed for program and delivery leaders who need to understand and guide technical implementation without doing the hands-on work.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Can I apply this outside Atlassian?
Yes. The reasoning, templates, and frameworks are built for any software delivery organization facing supply chain assurance demands.
$199 one-time. Approximately 3 hours per module, designed for integration into real-world delivery cycles..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours