Skip to main content
Image coming soon

Reference of Choice on SLSA Implementation Questions

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Reference of Choice on SLSA Implementation Questions

Become the internal expert your team turns to for secure software supply chain decisions

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Being the default answer on SLSA questions within your organization

The situation this course is for

Even strong practitioners hesitate when asked to explain SLSA level transitions or justify build environment controls without clear reference material or implementation history.

Who this is for

Senior platform or security engineer operating in a regulated, engineering-intensive environment with growing software supply chain scrutiny

Who this is not for

This is not for entry-level administrators or those focused solely on end-user tooling. It assumes experience with systematizing compliance across development workflows.

What you walk away with

  • Lead SLSA Level 1 to Level 3 transitions with documented rationale
  • Field peer escalation calls on provenance, build integrity, and signing workflows
  • Produce audit-ready attestation packages that survive technical scrutiny
  • Advise product teams on minimal-friction SLSA integration paths
  • Serve as the internal reference point for SLSA in vendor reviews and architecture gates

The 12 modules (with all 144 chapters)

Module 1. SLSA Fundamentals and Industry Adoption
Ground your understanding in the real-world evolution of SLSA, its role in modern compliance, and where it fits among SBOM and NIST SSDF. Learn how top tech firms operationalize each level.
12 chapters in this module
  1. Origins of SLSA in software integrity
  2. Key players in SLSA ecosystem
  3. SLSA vs SBOM: distinct roles
  4. NIST SSDF mapping
  5. Level 0 use cases
  6. Level 1 requirements
  7. Level 2 scope
  8. Level 3 targets
  9. Google’s internal adoption
  10. GitHub’s SLSA integration
  11. Attestation formats
  12. Signing infrastructure basics
Module 2. SLSA Level 1 Implementation Path
Walk through the first critical transition: achieving full reproducibility and metadata generation. Focus on CI pipeline tagging and build platform requirements.
12 chapters in this module
  1. Source URI standardization
  2. Build config identification
  3. Reproducible outputs definition
  4. Metadata schema setup
  5. Provenance generation tools
  6. Intoto attestation basics
  7. File integrity checks
  8. Logging build events
  9. CI job naming conventions
  10. Time-bound build windows
  11. Signed build logs
  12. Verification script templates
Module 3. SLSA Level 2 Architecture and Controls
Design build platforms with integrity enforcement. Implement platform isolation, build process signing, and artifact collection protocols.
12 chapters in this module
  1. Build platform separation
  2. Immutable build environments
  3. Ephemeral runner setup
  4. Container signing requirements
  5. Remote execution verification
  6. Build platform attestation
  7. Hardware vs cloud trade-offs
  8. Scheduled rebuild validation
  9. Build entry point controls
  10. Authentication for triggers
  11. Network access restrictions
  12. Build metadata completeness
Module 4. SLSA Level 3 Achieving Hermetic Builds
Engineer fully hermetic, reproducible builds using trusted toolchains and deterministic processes. Secure against dependency poisoning and timing attacks.
12 chapters in this module
  1. Hermetic environment design
  2. Dependency pinning methods
  3. Build graph verification
  4. Toolchain provenance
  5. Deterministic output generation
  6. Time-independent builds
  7. Resource consumption limits
  8. Isolated build networks
  9. Rebuild frequency standards
  10. Binary diffing techniques
  11. Cross-platform reproducibility
  12. Rebuild validation reporting
Module 5. Attestation and Signing Infrastructure
Set up robust signing workflows using Sigstore, Fulcio, and Rekor. Integrate with CI systems and verify signature chaining across releases.
12 chapters in this module
  1. Sigstore architecture overview
  2. Fulcio certificate issuance
  3. Rekor transparency log use
  4. Cosign CLI integration
  5. Keyless signing setup
  6. OIDC identity binding
  7. Signing policy enforcement
  8. Timestamp authorities
  9. Signature aggregation
  10. Multi-party signing workflows
  11. Revocation considerations
  12. Audit trail generation
Module 6. SLSA in CI/CD Pipelines
Embed SLSA controls directly into Jenkins, GitHub Actions, and GitLab CI. Automate provenance generation and validation gates.
12 chapters in this module
  1. Pipeline-as-code integration
  2. Pre-commit hooks for SLSA
  3. Provenance generation in CI
  4. Policy decision points
  5. Gate enforcement before merge
  6. Artifact signing automation
  7. Provenance metadata format
  8. SLSA-aware CI runners
  9. Build environment logging
  10. Pipeline configuration signing
  11. Dependency graph export
  12. SBOM generation alongside
Module 7. Vendor and Third-Party Attestations
Evaluate vendor compliance with SLSA standards. Request and verify third-party attestations during procurement and integration.
12 chapters in this module
  1. Vendor SLSA readiness checklist
  2. Attestation request templates
  3. Provenance verification steps
  4. Build environment inspection
  5. Third-party audit package review
  6. Gap analysis for Level 2
  7. Remediation paths
  8. Contractual language suggestions
  9. Integration risk scoring
  10. Escalation protocols
  11. Cross-org collaboration
  12. Shared attestation repositories
Module 8. SLSA and Regulatory Alignment
Map SLSA controls to compliance frameworks including SOC 2, ISO 27001, and NIST CSF. Use attestations as audit evidence.
12 chapters in this module
  1. SOC 2 control mapping
  2. ISO 27001 Annex A alignment
  3. NIST CSF PR.DS-6 linkage
  4. GDPR software integrity ties
  5. Audit package structure
  6. Attestation as evidence
  7. Regulator communication templates
  8. Internal control narratives
  9. Compliance automation
  10. Cross-framework reporting
  11. Policy integration
  12. Control ownership models
Module 9. Internal Advocacy and Training
Develop materials to train engineers, justify SLSA investments, and scale internal adoption. Build organizational muscle.
12 chapters in this module
  1. Internal workshop design
  2. Level transition playbooks
  3. Engineering onboarding content
  4. Leadership briefing decks
  5. Success metric tracking
  6. Adoption KPIs
  7. Feedback collection
  8. Champion network setup
  9. Documentation templates
  10. Escalation routing
  11. Cross-team sync formats
  12. Progress reporting
Module 10. SLSA Gap Analysis and Readiness Assessment
Run internal evaluations to determine current SLSA maturity. Identify priorities and build a phased upgrade roadmap.
12 chapters in this module
  1. Assessment framework design
  2. Interview questions for teams
  3. Artifact collection plan
  4. Build environment inspection
  5. Provenance verification test
  6. Signing infrastructure review
  7. Dependency tracking depth
  8. Reproducibility testing
  9. Gap scoring rubric
  10. Remediation prioritization
  11. Roadmap development
  12. Stakeholder alignment
Module 11. Advanced Threat Modeling with SLSA
Use SLSA levels to model attacker impact and design mitigations. Focus on supply chain compromise scenarios and detection gaps.
12 chapters in this module
  1. Threat actor profiles
  2. Dependency confusion attacks
  3. Build hijacking risks
  4. Signed malware patterns
  5. Registry poisoning
  6. CI pipeline compromise
  7. Provenance forgery attempts
  8. Detection via Rekor logs
  9. Rebuild validation alerts
  10. Incident response integration
  11. Post-breach attestation checks
  12. Lessons from real incidents
Module 12. SLSA Integration with Broader Security Ecosystem
Connect SLSA to vulnerability databases, SBOM tools, and identity platforms. Create a unified software integrity layer.
12 chapters in this module
  1. SBOM correlation methods
  2. CVE linkage strategies
  3. VEX document integration
  4. Identity binding patterns
  5. SSO for build systems
  6. Zero Trust alignment
  7. Artifact threat scoring
  8. Security orchestration
  9. SIEM integration
  10. Alerting rules
  11. Dashboard design
  12. Cross-tool automation

How this maps to your situation

  • New SLSA requirement in vendor contract
  • Post-incident software supply chain review
  • Audit preparation with software integrity focus
  • Internal push to standardize build attestations

Before vs. after

Before
Reliant on external guidance when fielding SLSA questions, with limited internal precedent for implementation.
After
Recognized as the go-to practitioner for SLSA architecture, capable of leading transitions from Level 1 to Level 3 with confidence.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 45 minutes per module, designed for integration into weekly workflows over three months.

If nothing changes
Without structured knowledge, teams default to fragmented, inconsistent approaches to software integrity, increasing audit friction and incident response complexity.

How this compares to the alternatives

Unlike vendor-specific certifications or broad security courses, this program delivers targeted, implementation-grade SLSA expertise with direct applicability to audit, engineering, and vendor governance contexts.

Frequently asked

Who is this course for?
Engineers and platform specialists leading secure software delivery in regulated or high-trust environments where SLSA compliance is emerging as a requirement.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Can I apply this to non-Google ecosystems?
Yes. While SLSA originated at Google, the framework is implementation-agnostic and applicable to any build system using proper attestation and signing practices.
$199 one-time. Approximately 45 minutes per module, designed for integration into weekly workflows over three months..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours