Skip to main content
Image coming soon

Faster path from SLSA intent to signed software artefact

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Faster path from SLSA intent to signed software artefact

Ship verifiable, compliant software faster by mastering SLSA framework integration from design to CI/CD

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Manual, late-stage SLSA implementation slows release velocity and increases rework.

The situation this course is for

Teams treating SLSA as a compliance checkpoint rather than an engineering workflow face repeated audit findings, last-minute fixes, and delayed releases. The gap between signing intent and actual build integrity creates costly friction.

Who this is for

Senior software engineers and platform leads integrating SLSA into CI/CD pipelines who need to move fast while meeting strict supply chain standards

Who this is not for

Entry-level developers learning SLSA basics, compliance officers without CI/CD ownership, or teams not actively shipping signed artefacts

What you walk away with

  • Own end-to-end SLSA implementation from design to signed output
  • Produce build attestations that pass internal audit first time
  • Reduce time from policy draft to working SLSA Level 2+ build by 60%
  • Anticipate reviewer feedback using pre-embedded attestation patterns
  • Turn SLSA requirements into differentiated delivery speed

The 12 modules (with all 144 chapters)

Module 1. SLSA framework fundamentals in practice
Understand SLSA layers, levels, and core constructs as applied in real CI/CD environments, not just policy theory.
12 chapters in this module
  1. What SLSA solves in software delivery
  2. SLSA Level 0 vs Level 1 trade-offs
  3. Level 2 requirements in developer workflows
  4. Level 3 in high-assurance environments
  5. Provenance vs metadata clarity
  6. Verifiable builds in public ecosystems
  7. Attestation types across levels
  8. Signing keys and trust boundaries
  9. SLSA vs SBOM use cases compared
  10. NIST SSDF alignment points
  11. Google’s SLSA adoption path
  12. GitHub’s SLSA integration patterns
Module 2. Designing for SLSA compliance from inception
Shift left by embedding SLSA requirements during architecture design, not during audit prep.
12 chapters in this module
  1. Define build criticality upfront
  2. Map artefacts to SLSA levels early
  3. Secure build environments by design
  4. Source integrity validation patterns
  5. Trusted builder selection criteria
  6. CI/CD pipeline prerequisites
  7. Minimize rebuild scenarios
  8. Immutable logs for reproducibility
  9. Timestamp authority integration
  10. Define ownership per stage
  11. Automated drift detection setup
  12. Pre-signing checklist integration
Module 3. Integrating SLSA in CI/CD pipelines
Implement SLSA-compliant builds directly in CI/CD with tooling that supports provenance and signing.
12 chapters in this module
  1. GitHub Actions SLSA setup
  2. GitLab CI SLSA attestation
  3. Jenkins build provenance add-ons
  4. Tekton Chains integration
  5. Sigstore signing in pipeline
  6. Cosign for artefact signing
  7. TUF for secure distribution
  8. Keyless signing workflows
  9. Rekor transparency log use
  10. Fulcio integration steps
  11. Automated level-up validation
  12. Audit-ready output formatting
Module 4. Generating compliant software bills of materials
Create complete, accurate SBOMs as a byproduct of SLSA-compliant builds.
12 chapters in this module
  1. SBOM as SLSA input or output
  2. SPDX vs CycloneDX for SLSA
  3. Automated SBOM generation tools
  4. SBOM attestation linkage
  5. Vulnerability metadata inclusion
  6. Version alignment checks
  7. Dependency provenance tracing
  8. Hash chain validation
  9. Automated expiry alerts
  10. SBOM update cadence design
  11. Integration with OSV database
  12. Human-readable SBOM formats
Module 5. Signing and attestation at scale
Implement scalable, secure signing workflows that maintain developer velocity.
12 chapters in this module
  1. Key rotation strategy
  2. Short-lived certs via Fulcio
  3. Sigstore keyless signing
  4. Multi-stage attestation flows
  5. Policy engine for auto-approval
  6. Attestation schema patterns
  7. SLSA Provenance format deep dive
  8. Custom attestation types
  9. Metadata embedding techniques
  10. Immutable storage options
  11. Cross-signing for redundancy
  12. Signature lifetime management
Module 6. Validating SLSA compliance in consuming systems
Ensure downstream systems can verify and enforce SLSA policies automatically.
12 chapters in this module
  1. Policy engine setup for SLSA
  2. Kyverno policy templates
  3. Gatekeeper rules for SLSA
  4. Verify SLSA level in deployment
  5. Rejection workflows for non-compliant
  6. Logging non-compliant attempts
  7. Integration with service mesh
  8. Cluster admission controls
  9. Scorecard checks integration
  10. Static analysis for attestations
  11. Runtime verification layers
  12. Automated compliance dashboard
Module 7. SLSA Level 2 implementation case study
Follow a real-world implementation of SLSA Level 2 in a cloud-native platform team.
12 chapters in this module
  1. Team structure and goals
  2. Baseline CI/CD setup
  3. SLSA Level 1 gaps
  4. Provenance generation plan
  5. Sigstore integration steps
  6. Builder trust configuration
  7. Immutable log setup
  8. Signing key management
  9. Attestation schema design
  10. Policy enforcement rollout
  11. Audit findings and fixes
  12. Level 2 sign-off process
Module 8. SLSA Level 3 implementation case study
Walk through a high-assurance SLSA Level 3 deployment in a regulated environment.
12 chapters in this module
  1. Regulatory drivers for Level 3
  2. Secure build environment design
  3. Isolated build execution
  4. Hardware-backed trust setup
  5. Time-bound key issuance
  6. Multi-party approval workflows
  7. Code review integration
  8. Attestation chaining
  9. Independent verification layer
  10. Audit trail completeness
  11. Independent logging setup
  12. Level 3 certification path
Module 9. Automating policy updates and drift response
Maintain SLSA compliance without manual overhead using automation and monitoring.
12 chapters in this module
  1. Policy version control
  2. Automated drift detection
  3. Alerting on non-compliant builds
  4. Auto-remediation workflows
  5. Build revalidation triggers
  6. Patch-level policy updates
  7. Scheduled compliance checks
  8. Attestation expiry tracking
  9. Integration with ticketing
  10. Slack alerts for failures
  11. Daily compliance summary reports
  12. Escalation to engineering leads
Module 10. Integrating SLSA with security and audit workflows
Connect SLSA outputs to security reviews, audits, and incident response.
12 chapters in this module
  1. Security team handoff process
  2. Audit log requirements
  3. Incident source verification
  4. Breach investigation use case
  5. Compliance evidence packing
  6. Internal auditor access setup
  7. External audit walkthroughs
  8. SOC 2 control mapping
  9. ISO 27001 integration points
  10. NIST 800-53 alignment
  11. Evidence retention rules
  12. Cross-team playbook sync
Module 11. Optimizing developer experience under SLSA
Keep developer velocity high while enforcing strict SLSA standards.
12 chapters in this module
  1. Frictionless signing workflows
  2. Pre-push compliance checks
  3. Fast feedback on failures
  4. Local attestation testing
  5. CI/CD failure diagnostics
  6. Developer documentation hub
  7. Sandbox environments for testing
  8. Interactive attestation preview
  9. Self-serve policy updates
  10. Onboarding for new teams
  11. Feedback loop design
  12. Usability testing rounds
Module 12. Sustaining and evolving SLSA across teams
Scale SLSA adoption across engineering with ownership, tooling, and shared standards.
12 chapters in this module
  1. Central team vs embedded model
  2. SLSA guild formation
  3. Cross-team playbook alignment
  4. Shared attestation libraries
  5. Internal certification path
  6. Training rollout strategy
  7. Leadership engagement plan
  8. Metrics for adoption tracking
  9. Quarterly maturity reviews
  10. Roadmap for Level upgrades
  11. External recognition strategy
  12. Open source contribution path

How this maps to your situation

  • When starting from partial SLSA adoption
  • During major CI/CD overhaul
  • Preparing for security audit
  • Scaling compliance across teams

Before vs. after

Before
SLSA implementation is reactive, fragmented, and slows down releases.
After
SLSA is embedded and automatic, delivering faster, compliant builds on demand.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: 6-8 hours total, self-paced, with implementation milestones every 2 modules.

If nothing changes
Without structured SLSA integration, teams face repeated audit findings, delayed releases, and growing technical debt in software supply chain integrity.

How this compares to the alternatives

Unlike generic security or compliance courses, this course delivers targeted, actionable steps to implement SLSA in real CI/CD pipelines, focused on speed, not theory.

Frequently asked

Is this course about SLSA policy or implementation?
It focuses on practical implementation, how to build, sign, and validate SLSA-compliant artefacts in real pipelines.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Do I need prior SLSA experience?
No, this course starts with applied fundamentals and moves to advanced automation.
$199 one-time. 6-8 hours total, self-paced, with implementation milestones every 2 modules..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours