Skip to main content
HashiConf More sessions have been added to the conference agenda. Buy your pass and plan your schedule. Register
Presentation

SLSA and GUAC: A Tasty Combination for Supply Chain Security featuring Waypoint

Supply chain attacks are an increasing security concern for organizations and developers who use third party software and build systems. In order to mitigate the risks of supply chain attacks, Supply chain Levels for Software Artifacts, or SLSA (salsa) was created in order to help improve the security of software solutions. A great pairing with SLSA - known as GUAC can help to bring together many sources of software security metadata to enhance security throughout the SDLC. In this talk, we will implement SLSA and GUAC in a CI/CD system using Waypoint. This demonstration will show how to utilize supply chain security with containerized applications that can run on Kubernetes. We will go through a source to deployment scenario that utilizes SLSA and GUAC to attest to a high level of software security throughout the process.

Supply chain attacks are an increasing security concern for organizations and developers who use third party software and build systems. In order to mitigate the risks of supply chain attacks, Supply chain Levels for Software Artifacts, or SLSA (salsa) was created in order to help improve the security of software solutions. A great pairing with SLSA - known as GUAC can help to bring together many sources of software security metadata to enhance security throughout the SDLC.

In this talk, we will implement SLSA and GUAC in a CI/CD system using Waypoint. This demonstration will show how to utilize supply chain security with containerized applications that can run on Kubernetes. We will go through a source to deployment scenario that utilizes SLSA and GUAC to attest to a high level of software security throughout the process.

More resources like this one

  • 1/19/2023
  • Presentation
Use Waypoint To Easily Deploy To All 3 Cloud Providers
  • 1/19/2023
  • Presentation
Waypoint: The Missing Abstraction between Devs and Deployments
  • 1/18/2023
  • Presentation
Blue-Green Deployments with Waypoint, Nomad, and Consul
  • 12/31/2022
  • Presentation
All Hands on Deck: How We Share Our Work