blog: supply chain robots, electric sheep, and SLSA

[xbcsmith]

A blog post based on a talk given at ATO 2025 on Supply Chain Security and SLSA

A talk about creating automation, shifting left, attack vectors, attestations, verification, zero-trust, and SLSA.

In the talk I cover creating automation, shifting left, attack vectors, attestations, verification, zero-trust, and how the SLSA spec helps implement solutions for each. The main take away is that security needs to be applied everywhere in the pipeline. The talk should lead to a greater discussion around the challenges of securing the supply chain, supporting EO 14028 and ISO27001, and improving the security posture of your pipelines.

Talk Link

[netlify]

✅ Deploy Preview for slsa ready!

Name	Link
🔨 Latest commit	4f0b4f1
🔍 Latest deploy log	https://app.netlify.com/projects/slsa/deploys/694021ff263944000825c7f0
😎 Deploy Preview	https://deploy-preview-1528--slsa.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[arewm]

Thanks for this blog proposal. Did you use voice-to-text? It reads exactly like you talk.

I left a couple of comments to try to help with clarity.

[xbcsmith]

Thanks for this blog proposal. Did you use voice-to-text? It reads exactly like you talk.

I left a couple of comments to try to help with clarity.

Didn't use voice-to-text just banged it out on the keyboard like the old days...

[arewm]

According to CONTRIBUTING, we need another maintainer to approve: https://github.com/slsa-framework/slsa/blob/main/CONTRIBUTING.md#pull-request-types

@TomHennen , would you mind looking at this?

[TomHennen]

LGTM, I was waiting for @arewm to approve since he knows the content best. :)

[arewm]

You need to remove the old file as well or you'll get a double-post. :)