Skip to main content
HashiTalks 2025 Learn about unique use cases, homelab setups, and best practices at scale at our 24-hour virtual knowledge sharing event. Register
Presentation

SLSA and GUAC: A Tasty Combination for Supply Chain Security featuring Waypoint

Supply chain attacks are an increasing security concern for organizations and developers who use third party software and build systems. In order to mitigate the risks of supply chain attacks, Supply chain Levels for Software Artifacts, or SLSA (salsa) was created in order to help improve the security of software solutions. A great pairing with SLSA - known as GUAC can help to bring together many sources of software security metadata to enhance security throughout the SDLC. In this talk, we will implement SLSA and GUAC in a CI/CD system using Waypoint. This demonstration will show how to utilize supply chain security with containerized applications that can run on Kubernetes. We will go through a source to deployment scenario that utilizes SLSA and GUAC to attest to a high level of software security throughout the process.

Supply chain attacks are an increasing security concern for organizations and developers who use third party software and build systems. In order to mitigate the risks of supply chain attacks, Supply chain Levels for Software Artifacts, or SLSA (salsa) was created in order to help improve the security of software solutions. A great pairing with SLSA - known as GUAC can help to bring together many sources of software security metadata to enhance security throughout the SDLC.

In this talk, we will implement SLSA and GUAC in a CI/CD system using Waypoint. This demonstration will show how to utilize supply chain security with containerized applications that can run on Kubernetes. We will go through a source to deployment scenario that utilizes SLSA and GUAC to attest to a high level of software security throughout the process.

More resources like this one

1/19/2023Presentation

Use Waypoint To Easily Deploy To All 3 Cloud Providers

1/19/2023Presentation

Waypoint: The Missing Abstraction between Devs and Deployments

1/18/2023Presentation

Blue-Green Deployments with Waypoint, Nomad, and Consul

12/31/2022Presentation

All Hands on Deck: How We Share Our Work