The software supply chain is everything that goes into developing your code and deploying it to production: the version control system where you check in code, the management of open source dependencies, the CI/CD pipelines that build and deploy the code, and the distribution of your packaged software to end users. Every link in that chain can be compromised, and it can be severely compromised through vulnerabilities in open source components that you did not write.
SLSA (Supply-chain Levels for Software Artifacts) is a security framework that covers the chain from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain integrity.
This session gives developers and DevOps engineers an overview of the risk vectors in a typical software supply chain, how you can keep your organization and its consumers safe, and how you can contribute to the SLSA framework.