Software Supply Chain Security (SBOM, SLSA Frameworks) Fundamentals Training by Tonex

Organizations increasingly rely on third-party software components, making supply chain security a critical concern. This program explores the foundations of Software Bill of Materials (SBOM) and Secure Software Supply Chain Levels (SLSA) frameworks, ensuring participants gain a practical understanding of safeguarding code integrity. Emphasis is placed on preventing vulnerabilities, ensuring compliance, and establishing resilient security practices. The course also addresses how these frameworks directly influence cybersecurity by reducing exposure to hidden risks, protecting against supply chain attacks, and strengthening organizational defense strategies in rapidly evolving digital ecosystems.

Learning Objectives:
- Understand fundamentals of SBOM and its role in software integrity
- Learn how SLSA frameworks enhance software supply chain trust
- Identify common vulnerabilities and mitigation approaches
- Apply compliance requirements to modern software ecosystems
- Evaluate tools supporting SBOM and SLSA adoption
- Strengthen cybersecurity resilience through supply chain defense

Audience:
- Software Developers
- IT Managers
- Security Engineers
- Cybersecurity Professionals
- Compliance Officers
- Technology Leaders

Course Modules:
Module 1: Foundations of Supply Chain Security
- Definition and scope of software supply chain
- Risks in modern software dependencies
- Importance of transparency and traceability
- SBOM fundamentals and core concepts
- SLSA framework introduction
- Role of cybersecurity in supply chain trust

Module 2: Understanding SBOM
- Structure and essential components of SBOM
- Standards: SPDX, CycloneDX, SWID
- Generating SBOMs with industry tools
- Managing open-source dependencies
- Linking SBOMs to compliance efforts
- Detecting vulnerabilities using SBOMs

Module 3: SLSA Framework Essentials
- Principles and objectives of SLSA
- Levels of assurance in SLSA
- Secure build and provenance requirements
- Integration into CI/CD pipelines
- Comparison with other assurance models
- Supporting cybersecurity through SLSA adoption

Module 4: Threats and Vulnerabilities
- Common software supply chain attack vectors
- Case studies of real-world breaches
- Dependency confusion risks
- Compromised updates and malicious code insertions
- Zero-day exploitation in supply chains
- Cybersecurity strategies to mitigate risks

Module 5: Compliance and Governance
- Government and industry regulations
- Executive orders on software security
- NIST guidelines for SBOM adoption
- Aligning policies with organizational strategy
- Vendor risk management frameworks
- Cybersecurity compliance as an ongoing process

Module 6: Tools and Implementation
- Leading SBOM generation and scanning tools
- Automating SLSA in development workflows
- Best practices for adoption at scale
- Measuring maturity of supply chain practices
- Organizational challenges and solutions
- Building a culture of secure software delivery

Secure your software ecosystems with confidence. Enroll in the Software Supply Chain Security (SBOM, SLSA Frameworks) Fundamentals Training by Tonex and equip your team with the knowledge to protect against evolving supply chain threats while strengthening cybersecurity resilience.