SOSS Community Day India

Achieving Software Supply Chain Security Assurance (SLSA) compliance is essential in today's world of increasing cyber threats. This talk will provide a hands-on approach to implementing SLSA standards for your OCI artifacts, starting from your existing build pipelines. We will delve into the practical steps involved, including: * Generating high-quality Software Bill of Materials (SBOM) and provenance: Learn how to create accurate and comprehensive metadata for your artifacts. * Leveraging cosign for keyless attestations: Discover how to securely sign attestations without relying on traditional key management. * Integrating with Buildkit providers for hermetic builds: Ensure the integrity and reproducibility of your builds by isolating them from the surrounding environment. * Addressing best practices for dependency pinning, automated patching, attestation sharing, and collaboration with compliance teams: Gain insights into effective strategies for maintaining compliance and security. By the end of this talk, you will have a clear understanding of how to implement SLSA principles in your build processes and create secure, trustworthy OCI artifacts.