Spice Check: Building an E2E SLSA Implementation - Adolfo García Veytia, Carabiner Systems
Author: OpenSSF
Uploaded: 2025-12-01
Views: 20
Significant work has been invested in the SLSA (Supply-chain Levels for Software Artifacts) specification and the tools that generate the unforgeable evidence necessary to protect software. And for a while, the only missing part was a way to enforce those protections.
Now we are ready to lock our software factories down tight 🚀
With the recent release of the AMPEL policy engine and the SLSA 1.2 spec that includes the SLSA Source track, we can now write policies to harden software repositories and builds at each step from source to release. All based on signed, verifiable evidence.
This talk will showcase the new SLSA 1.2 spec, diving into the new source track as we protect a software release by enforcing policies at each stage of the SDLC with attested data from various tools.
We will describe how to leverage the AMPEL policy engine and, using the collection of policies curated by its community, instrument end-to-end protection for a software project with almost no code.