SLSA and GUAC: A Tasty Combination for Supply Chain Security featuring Waypoint
Supply chain attacks are a growing security concern for organizations and developers who rely on third-party software and build systems. To mitigate that risk, Supply chain Levels for Software Artifacts, or SLSA (pronounced "salsa"), was created to help improve the security of software solutions. A natural pairing with SLSA, GUAC brings together many sources of software security metadata to strengthen security throughout the SDLC.

In this talk, we will implement SLSA and GUAC in a CI/CD system using Waypoint. The demonstration will show how to apply supply chain security to containerized applications that run on Kubernetes. We will walk through a source-to-deployment scenario that uses SLSA and GUAC to attest to a high level of software security at every step of the process.