Ya Got Trouble (And SLSA May Help)

Presented at ShmooCon 2023, Jan. 20, 2023, 4:30 p.m. (30 minutes)

Yes you got lots and lots of trouble
I’m thinkin’ of the devs in CICD
Shirt-tail young ones, peekin’ in the IDE window after school
You got trouble, folks
Right here in ShmooCon, trouble with a capital “T”
And that rhymes with “C” and that stands for cooooode

Have you been asked if you have a secure software supply chain? Or which SLSA level your software is built to? If you have, but you are unsure what exactly they are asking for, this talk is for you. Luckily, this is not another step to add; it’s a framework, and you may be closer to compliance than you think! I’ll explain what the Supply-chain Levels for Software Artifacts (SLSA) framework is, why it is useful, what it can’t do for you, how it fits into your development process, and a variety of tools you can use (open source, free, paid, and roll your own) to help you meet your desired SLSA level.

Presenters:

  • Nicole Schwartz
    Nicole Schwartz (@CircuitSwan) speaks about Information Security, DevSecOps, Agile, and DEI. She is currently a Product Manager at ActiveState, Chief Operating Officer for The Diana Initiative, an organizer for the SkyTalks village at DEF CON, and a Researcher at the Internet of Dongs. She was formerly a Technical Product Manager for GitLab (Composition Analysis) and Rackspace (Public Cloud). She holds a Master of Science in Information Technology from Clarkson University. She can be found online @CircuitSwan, where you are likely to find tea reviews, her two cats, and her Flemish Giant rabbit.