A tailored course, built for your situation
Faster path from SLSA intent to signed software artefact
Ship verifiable, compliant software faster by mastering SLSA framework integration from design to CI/CD
The situation this course is for
Teams treating SLSA as a compliance checkpoint rather than an engineering workflow face repeated audit findings, last-minute fixes, and delayed releases. The gap between signing intent and actual build integrity creates costly friction.
Who this is for
Senior software engineers and platform leads integrating SLSA into CI/CD pipelines who need to move fast while meeting strict supply chain standards
Who this is not for
Entry-level developers learning SLSA basics, compliance officers without CI/CD ownership, or teams not actively shipping signed artefacts
What you walk away with
- Own end-to-end SLSA implementation from design to signed output
- Produce build attestations that pass internal audit first time
- Reduce time from policy draft to working SLSA Level 2+ build by 60%
- Anticipate reviewer feedback using pre-embedded attestation patterns
- Turn SLSA requirements into differentiated delivery speed
The 12 modules (with all 144 chapters)
- What SLSA solves in software delivery
- SLSA Level 0 vs Level 1 trade-offs
- Level 2 requirements in developer workflows
- Level 3 in high-assurance environments
- Provenance vs metadata clarity
- Verifiable builds in public ecosystems
- Attestation types across levels
- Signing keys and trust boundaries
- SLSA vs SBOM use cases compared
- NIST SSDF alignment points
- Google’s SLSA adoption path
- GitHub’s SLSA integration patterns
- Define build criticality upfront
- Map artefacts to SLSA levels early
- Secure build environments by design
- Source integrity validation patterns
- Trusted builder selection criteria
- CI/CD pipeline prerequisites
- Minimize rebuild scenarios
- Immutable logs for reproducibility
- Timestamp authority integration
- Define ownership per stage
- Automated drift detection setup
- Pre-signing checklist integration
- GitHub Actions SLSA setup
- GitLab CI SLSA attestation
- Jenkins build provenance add-ons
- Tekton Chains integration
- Sigstore signing in pipeline
- Cosign for artefact signing
- TUF for secure distribution
- Keyless signing workflows
- Rekor transparency log use
- Fulcio integration steps
- Automated level-up validation
- Audit-ready output formatting
- SBOM as SLSA input or output
- SPDX vs CycloneDX for SLSA
- Automated SBOM generation tools
- SBOM attestation linkage
- Vulnerability metadata inclusion
- Version alignment checks
- Dependency provenance tracing
- Hash chain validation
- Automated expiry alerts
- SBOM update cadence design
- Integration with OSV database
- Human-readable SBOM formats
- Key rotation strategy
- Short-lived certs via Fulcio
- Sigstore keyless signing
- Multi-stage attestation flows
- Policy engine for auto-approval
- Attestation schema patterns
- SLSA Provenance format deep dive
- Custom attestation types
- Metadata embedding techniques
- Immutable storage options
- Cross-signing for redundancy
- Signature lifetime management
- Policy engine setup for SLSA
- Kyverno policy templates
- Gatekeeper rules for SLSA
- Verify SLSA level in deployment
- Rejection workflows for non-compliant
- Logging non-compliant attempts
- Integration with service mesh
- Cluster admission controls
- Scorecard checks integration
- Static analysis for attestations
- Runtime verification layers
- Automated compliance dashboard
- Team structure and goals
- Baseline CI/CD setup
- SLSA Level 1 gaps
- Provenance generation plan
- Sigstore integration steps
- Builder trust configuration
- Immutable log setup
- Signing key management
- Attestation schema design
- Policy enforcement rollout
- Audit findings and fixes
- Level 2 sign-off process
- Regulatory drivers for Level 3
- Secure build environment design
- Isolated build execution
- Hardware-backed trust setup
- Time-bound key issuance
- Multi-party approval workflows
- Code review integration
- Attestation chaining
- Independent verification layer
- Audit trail completeness
- Independent logging setup
- Level 3 certification path
- Policy version control
- Automated drift detection
- Alerting on non-compliant builds
- Auto-remediation workflows
- Build revalidation triggers
- Patch-level policy updates
- Scheduled compliance checks
- Attestation expiry tracking
- Integration with ticketing
- Slack alerts for failures
- Daily compliance summary reports
- Escalation to engineering leads
- Security team handoff process
- Audit log requirements
- Incident source verification
- Breach investigation use case
- Compliance evidence packing
- Internal auditor access setup
- External audit walkthroughs
- SOC 2 control mapping
- ISO 27001 integration points
- NIST 800-53 alignment
- Evidence retention rules
- Cross-team playbook sync
- Frictionless signing workflows
- Pre-push compliance checks
- Fast feedback on failures
- Local attestation testing
- CI/CD failure diagnostics
- Developer documentation hub
- Sandbox environments for testing
- Interactive attestation preview
- Self-serve policy updates
- Onboarding for new teams
- Feedback loop design
- Usability testing rounds
- Central team vs embedded model
- SLSA guild formation
- Cross-team playbook alignment
- Shared attestation libraries
- Internal certification path
- Training rollout strategy
- Leadership engagement plan
- Metrics for adoption tracking
- Quarterly maturity reviews
- Roadmap for Level upgrades
- External recognition strategy
- Open source contribution path
How this maps to your situation
- When starting from partial SLSA adoption
- During major CI/CD overhaul
- Preparing for security audit
- Scaling compliance across teams
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: 6-8 hours total, self-paced, with implementation milestones every 2 modules.
How this compares to the alternatives
Unlike generic security or compliance courses, this course delivers targeted, actionable steps to implement SLSA in real CI/CD pipelines, focused on speed, not theory.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.