Home » Courses » Software Engineering » Software Safety » Secure Software Supply Chain & SSDF Fundamentals

Secure Software Supply Chain & SSDF Fundamentals

Length: 2 Days
Print Friendly, PDF & Email

Secure Software Supply Chain & SSDF Fundamentals Training by Tonex

Safety-Critical Software and Real-Time Systems Essentials Training by Tonex

Modern software moves through a complex chain of contributors, tools, and services where a single weak link can ripple across thousands of systems. This course equips professionals to design, implement, and audit secure software supply chains anchored in NIST’s Secure Software Development Framework. You will learn how to evaluate third-party code, produce trustworthy SBOMs, and fortify build and delivery pipelines. The impact on cybersecurity is direct and measurable, reducing exploit paths, tampering risk, and recovery time from incidents. By standardizing controls and provenance, organizations elevate resilience, protect brand trust, and meet regulatory expectations with confidence.

Learning Objectives

  • Identify software supply chain threats across development and delivery
  • Apply SSDF practices to manage third-party and open-source risks
  • Generate, validate, and govern SBOMs using SPDX and CycloneDX
  • Align processes with executive orders, OMB memos, and industry frameworks
  • Strengthen cybersecurity by hardening provenance, integrity, and response readiness

Audience

  • Cybersecurity Professionals
  • Security leaders
  • Compliance officers
  • Software architects

Course Modules

Module 1 – Supply Chain Threat Landscape

  • Attack surface across code to cloud
  • Compromise patterns and kill chains
  • Open-source dependency risks
  • Build system and CI pipeline threats
  • Signing, tampering, and key theft
  • Business and regulatory drivers

Module 2 – SSDF Essentials and Governance

  • SSDF practices and task mapping
  • Policy, RACI, and ownership
  • Secure design and threat modeling
  • Secure coding and code review
  • Security testing integration
  • Verification and attestations

Module 3 – SBOM Standards and Management

  • SBOM purpose and scope
  • SPDX and CycloneDX comparison
  • Component identity and metadata
  • SBOM generation in pipelines
  • Vulnerability correlation workflows
  • Storage, exchange, and governance

Module 4 – Dependency Trust and Provenance

  • Source integrity and pinning
  • Reproducible builds concepts
  • Sigstore and keyless signing
  • SLSA levels and attestations
  • Artifact repositories and policies
  • Runtime provenance validation

Module 5 – Secure Build and Delivery Systems

  • Segmentation and least privilege
  • Hardening build runners and agents
  • Secrets management and rotation
  • Trusted build images and bases
  • Continuous verification gates
  • Release signing and verification

Module 6 – Incident Response and Case Studies

  • Detection across the chain
  • Response playbooks and roles
  • SolarWinds lessons and controls
  • Log4j remediation strategies
  • Forensics and evidence handling
  • Post-incident hardening actions

Elevate supply chain assurance and meet SSDF expectations with Tonex. Enroll your team today to build trustworthy software, reduce risk, and accelerate compliance.

Request More Information