Express Learning Course

Automating Supply Chain Security: SBOMs and Signatures (LFEL1007)

Dive into the concept of automating security efforts for consuming & delivering software.

Who Is It For

This course is designed for software developers, open source maintainers, and IT security professionals.
read less read more
What You’ll Learn

Learn about software provenance, the role of source control, dependency tracking and creation of SBOMs. Get familiar with SBOM and signatory tools, and apply cosign and SLSA workflows with GitHub Actions.
read less read more
What It Prepares You For

By the end of this course, you should be able to create a plan for your own project to begin automating supply chain security.
read less read more
Course Outline
Chapter 1. Course Introduction
Chapter 2. Introduction to Software Provenance
Chapter 3. The Role of Source Control
Chapter 4. The Role of Dependency Tracking
Chapter 5. The Role of Tags and Signatures
Chapter 6. Automate Your Project’s Provenance

To get the most possible value from this course, you should be familiar with the following:

  • Git
  • Command line tools
  • Continuous Integration
  • Semantic Versioning
Sep 2023
I liked the link to using sigstore with github, signing commits.
Sep 2023
The Argo CD example, and continuous focus around provenance, which was the first step required to achieve SLSA level 1 requirements.