Skip to main content
Image coming soon

Direct Sign-Off Authority on SLSA Framework Decisions

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Direct Sign-Off Authority on SLSA Framework Decisions

Own the specification, implementation, and evolution of software supply chain integrity without escalation

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.

Who this is for

Senior practitioner in software supply chain governance shaping framework-level decisions at scale

Who this is not for

Individuals looking for introductory overviews or team-wide compliance checklists

What you walk away with

  • Finalize SLSA level definitions without escalation
  • Approve attestation criteria and validation thresholds
  • Control scope of SLSA implementation across CI/CD pipelines
  • Own vendor integration rules for artifact signing and verification
  • Document command boundaries that survive team and leadership changes

The 12 modules (with all 144 chapters)

Module 1. Defining SLSA Level Thresholds
Establish baseline requirements for SLSA Level 1 through 4 across projects. Map organizational risk appetite to tiered adoption paths. Set criteria for progression between levels using real-world deployment patterns.
12 chapters in this module
  1. Understanding SLSA maturity tiers
  2. Aligning levels with deployment criticality
  3. Setting minimum build integrity standards
  4. Incorporating artifact signing mandates
  5. Mapping toolchain capabilities to SLSA
  6. Defining trusted build environments
  7. Establishing provenance metadata rules
  8. Setting criteria for source authenticity
  9. Integrating dependency verification
  10. Documenting level promotion paths
  11. Assessing organizational readiness
  12. Finalizing level adoption roadmap
Module 2. Attestation Criteria Finalization
Define which artifacts require attestations and under what conditions. Set policies for signature validation, signing authority scope, and expiration rules, all enforceable across platforms.
12 chapters in this module
  1. Classifying artifacts by risk tier
  2. Mandating in-toto attestations
  3. Setting signature validation rules
  4. Defining signing key custody policies
  5. Establishing expiration windows
  6. Enforcing time-bound verification
  7. Mapping roles to attestation rights
  8. Integrating policy controllers
  9. Validating attestation freshness
  10. Automating revocation checks
  11. Auditing attestation compliance
  12. Documenting attestation enforcement
Module 3. Build Pipeline Integrity Standards
Secure the build stage with verifiable, reproducible pipelines. Define golden image criteria, enforce clean-room builds, and require provenance generation by default.
12 chapters in this module
  1. Identifying trusted build agents
  2. Enforcing isolated build environments
  3. Requiring reproducible outputs
  4. Validating build process provenance
  5. Setting container image signing rules
  6. Controlling base image sourcing
  7. Enforcing dependency pinning
  8. Verifying build entry points
  9. Auditing pipeline configuration
  10. Documenting pipeline attestation
  11. Integrating with CI/CD triggers
  12. Finalizing pipeline compliance gates
Module 4. Dependency Verification Framework
Establish rules for validating third-party components. Define scanning thresholds, SBOM inclusion mandates, and update response timelines for vulnerable dependencies.
12 chapters in this module
  1. Classifying dependency risk levels
  2. Mandating automated vulnerability scans
  3. Setting SBOM generation rules
  4. Requiring SPDX or CycloneDX format
  5. Validating transitive dependency chains
  6. Enforcing minimum patch windows
  7. Blocking known-malicious packages
  8. Integrating package reputation feeds
  9. Setting override approval paths
  10. Auditing dependency change logs
  11. Documenting verification compliance
  12. Finalizing dependency policy enforcement
Module 5. Artifact Registry Governance
Control where and how signed artifacts are stored. Define retention rules, access policies, and cross-repository promotion workflows.
12 chapters in this module
  1. Classifying registry trust zones
  2. Setting artifact retention periods
  3. Enforcing role-based access controls
  4. Defining registry encryption standards
  5. Requiring immutable storage
  6. Controlling cross-repository promotion
  7. Validating registry backup integrity
  8. Auditing registry access patterns
  9. Integrating with CI/CD gates
  10. Documenting registry compliance
  11. Establishing disaster recovery rules
  12. Finalizing registry policy enforcement
Module 6. Vendor Integration Sign-Off
Own the end-to-end process for onboarding third-party tools into the SLSA workflow. Set integration criteria, validation benchmarks, and attestation requirements.
12 chapters in this module
  1. Evaluating vendor toolchain compliance
  2. Setting SLSA integration prerequisites
  3. Validating third-party signing practices
  4. Requiring provenance export capabilities
  5. Establishing vendor audit rights
  6. Setting SLA expectations for attestation
  7. Controlling API access scopes
  8. Enforcing security certification mandates
  9. Documenting integration approvals
  10. Auditing vendor compliance posture
  11. Finalizing vendor attestation standards
  12. Managing vendor exit processes
Module 7. Policy Enforcement Automation
Translate framework decisions into enforceable policies. Implement policy controllers, admission webhooks, and audit logging to ensure compliance at scale.
12 chapters in this module
  1. Mapping SLSA rules to policy engines
  2. Configuring OPA or Kyverno policies
  3. Integrating with Kubernetes admission
  4. Setting policy override protocols
  5. Logging non-compliant deployments
  6. Enabling automated remediation
  7. Validating policy consistency
  8. Auditing policy decision logs
  9. Documenting enforcement thresholds
  10. Integrating with observability tools
  11. Setting alerting rules
  12. Finalizing policy lifecycle
Module 8. Cross-Team Framework Alignment
Establish consistent SLSA adoption across engineering units. Define shared templates, enforce baseline standards, and create cross-functional review processes.
12 chapters in this module
  1. Identifying team-specific adaptations
  2. Setting minimum compliance baselines
  3. Creating shared implementation templates
  4. Establishing review escalation paths
  5. Documenting team exemptions
  6. Validating cross-team consistency
  7. Auditing framework drift
  8. Integrating with platform teams
  9. Enforcing central policy repositories
  10. Supporting team-level innovation
  11. Measuring adoption rates
  12. Finalizing governance feedback loop
Module 9. Incident Response Integration
Embed SLSA verification into incident workflows. Define rollback criteria, provenance checks during breaches, and attestation validation during forensics.
12 chapters in this module
  1. Mapping SLSA to incident playbooks
  2. Setting provenance validation triggers
  3. Requiring artifact lineage during triage
  4. Validating rollback artifact integrity
  5. Enabling rapid attestation checks
  6. Documenting breach response steps
  7. Auditing response actions
  8. Integrating with SOC teams
  9. Establishing forensic access rules
  10. Controlling emergency override use
  11. Finalizing incident attestation policy
  12. Reviewing post-incident compliance
Module 10. Audit and Compliance Reporting
Generate verifiable, consistent evidence packages for internal and external audits. Define report scope, retention rules, and automated collection workflows.
12 chapters in this module
  1. Identifying audit-relevant artifacts
  2. Setting evidence collection standards
  3. Automating SBOM aggregation
  4. Validating attestation completeness
  5. Generating reconciliation reports
  6. Controlling audit data access
  7. Enforcing data retention rules
  8. Auditing report generation process
  9. Integrating with compliance platforms
  10. Documenting audit response readiness
  11. Setting auditor access protocols
  12. Finalizing compliance reporting pipeline
Module 11. Framework Evolution Ownership
Control the roadmap for SLSA adoption improvements. Define criteria for upgrades, incorporate feedback, and manage version transitions across teams.
12 chapters in this module
  1. Establishing upgrade eligibility
  2. Setting backward compatibility rules
  3. Evaluating new SLSA features
  4. Incorporating team feedback
  5. Planning phased rollouts
  6. Controlling deprecation timelines
  7. Validating transition readiness
  8. Auditing change impact
  9. Documenting framework decisions
  10. Integrating with standards bodies
  11. Finalizing version governance
  12. Measuring adoption improvement
Module 12. Command Boundary Documentation
Formalize decision ownership to ensure continuity. Document sign-off rights, escalation rules, and framework boundaries that persist across leadership changes.
12 chapters in this module
  1. Identifying command scope boundaries
  2. Defining decision ownership
  3. Mapping authority to roles
  4. Setting escalation triggers
  5. Documenting approval waivers
  6. Validating succession readiness
  7. Auditing decision records
  8. Integrating with org charts
  9. Enforcing documentation updates
  10. Controlling access to command logs
  11. Finalizing command playbook
  12. Measuring command consistency

How this maps to your situation

  • When defining SLSA levels for new projects
  • Before vendor integration decisions are finalized
  • During audit preparation cycles
  • After incident response involving supply chain elements

Before vs. after

Before
Framework decisions require consensus, review, or escalation.
After
You make binding calls on SLSA scope, thresholds, and implementation without approval.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 3 hours per module, or 36 hours total, with flexible pacing and immediate access to all materials.

If nothing changes
Continuing to operate without documented command creates dependency on others for critical decisions, slows adoption, and exposes execution to inconsistency or reversal.

How this compares to the alternatives

Unlike generic compliance courses, this program focuses exclusively on command over SLSA framework decisions, giving you documented authority no checklist can provide.

Frequently asked

Is this course specific to a particular cloud platform?
No. The content is platform-agnostic and focuses on decision rights and framework control across any CI/CD environment.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Will I receive certification upon completion?
No certification is issued. The value is in the documented command and implementation playbook you build during the course.
$199 one-time. Approximately 3 hours per module, or 36 hours total, with flexible pacing and immediate access to all materials..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours