SLSA, Supply-chain Levels for Software Artifacts (https://slsa.dev), is an Open Source Security Foundation (OpenSSF) project that defines incremental security levels which platforms can implement to prevent tampering with the software supply chain.
In this talk, Joshua introduces the SLSA project. He covers the SLSA principles, including how they are useful across DevSecOps processes and systems; looks at the threat model that guides SLSA work; introduces SLSA’s security levels; and concludes with a brief summary of the open source project, future plans, and how you can get involved.