Express Learning Course

Automating Supply Chain Security: SBOMs and Signatures (LFEL1007)

Dive into the concept of automating security efforts for consuming & delivering software.

Who Is It For

This course is designed for software developers, open source maintainers, and IT security professionals.
read less read more
What You’ll Learn

Learn about software provenance, the role of source control, dependency tracking and creation of SBOMs. Get familiar with SBOM and signatory tools, and apply cosign and SLSA workflows with GitHub Actions.
read less read more
What It Prepares You For

By the end of this course, you should be able to create a plan for your own project to begin automating supply chain security.
read less read more
Course Outline
Chapter 1. Course Introduction
Chapter 2. Introduction to Software Provenance
Chapter 3. The Role of Source Control
Chapter 4. The Role of Dependency Tracking
Chapter 5. The Role of Tags and Signatures
Chapter 6. Automate Your Project’s Provenance

Prerequisites
To get the most possible value from this course, you should be familiar with the following:

  • Git
  • Command line tools
  • Continuous Integration
  • Semantic Versioning
Reviews
Jun 2024
It's SBOM & SLSA 101 to a degree and I liked the simplicity and to the point approach.
Jun 2024
The course provided lots of examples of tools that can be used for SBOMs.
Jun 2024
Very applicable with detailed instructions about what we should do. I liked that it focused on the tools we actually use (eg. GoLang, GitHub, Macs, etc)
Apr 2024
I like that I am able to implement these practices on my projects at hand.
Mar 2024
Good content, short and sweet.
Mar 2024
I'm rather new to this topic, and this course provided information in a very clear way.
Mar 2024
Value of information. I apply this process in my work.
Mar 2024
Some of the links to external resources have been particularly useful for exploring the topic in more detail.
Feb 2024
The specific focus for automation and the overall end-to-end perspective.
Feb 2024
Short and easy-to-understand introduction into supply chain security.
Sep 2023
I liked the link to using sigstore with github, signing commits.
Sep 2023
The Argo CD example, and continuous focus around provenance, which was the first step required to achieve SLSA level 1 requirements.