Hosting: OpenSSF SLSA Workshop
In this hands-on workshop, we will explain how organizations can leverage the Supply-chain Levels for Software Artifacts (SLSA) framework to harden the SDLC of code deployed in production.
To build a good understanding of how SLSA can be deployed at scale, we will take participants through a series of hands-on coding activities to secure a container developed on GitHub and deployment on Kubernetes. Our example will enforce two important properties: First, that all released images are integrity-protected against unauthorized parties. Second, that all deployed images are restricted to a set of cloud privileges, the same way we restrict privileges for OS processes.
We will then present how SLSA can be applied to harden AI models’ development and inference, the same way we do for traditional software like containers. We will take users through hands-on activities and demos to apply SLSA to AI models.
How to Register: Pre-registration is required. To register for OpenSSF SLSA Workshop, add it to your Open Source Summit North America registration.
