blog: supply chain robots, electric sheep, and SLSA
A blog post based on a talk given at ATO 2025 on Supply Chain Security and SLSA
A talk about creating automation, shifting left, attack vectors, attestations, verification, zero-trust, and SLSA.
In the talk I cover creating automation, shifting left, attack vectors, attestations, verification, zero-trust, and how the SLSA spec helps implement solutions for each. The main takeaway is that security needs to be applied everywhere in the pipeline. The talk should lead to a greater discussion around the challenges of securing the supply chain, supporting EO 14028 and ISO 27001, and improving the security posture of your pipelines.
Deploy Preview for slsa ready!
| Name | Link |
|---|---|
| Latest commit | 4f0b4f1543d977e12f488ebbf0cae3d454f8e303 |
| Latest deploy log | https://app.netlify.com/projects/slsa/deploys/694021ff263944000825c7f0 |
| Deploy Preview | https://deploy-preview-1528--slsa.netlify.app |
Thanks for this blog proposal. Did you use voice-to-text? It reads exactly like you talk.
I left a couple of comments to try to help with clarity.
Didn't use voice-to-text, just banged it out on the keyboard like the old days...
According to CONTRIBUTING, we need another maintainer to approve: https://github.com/slsa-framework/slsa/blob/main/CONTRIBUTING.md#pull-request-types
@TomHennen , would you mind looking at this?