-
Course
- Security
Build Controls for Supply Chain Security
Secure your build environment against modern supply chain attacks. Learn to apply secure development practices, manage third-party dependencies, and implement SBOMs and trusted frameworks to protect the integrity of your software pipeline.
What you'll learn
Modern attackers increasingly target the systems that build and deliver software, not just the software itself. In this course, Build Controls for Supply Chain Security, you'll learn how to harden your development environment and CI/CD pipelines against tampering, dependency attacks, and integrity failures. First, you’ll explore how to secure build environments by enforcing least privilege, controlling developer and system access, and implementing tamper-evident pipelines with signed and verifiable artifacts. Next, you’ll learn how to manage open-source and third-party dependencies with security in mind—automating vulnerability detection, evaluating risk based on reputation and maintenance, and applying policies for dependency approval and monitoring. Then, you’ll discover how to integrate Software Bills of Materials (SBOMs) into your SDLC. You’ll generate SBOMs automatically during builds, track component lineage, and use SBOMs for compliance and incident response workflows. Finally, you'll examine secure build frameworks, including SLSA, NIST SSDF, and CIS supply chain guidance, to learn how to assess your current maturity and prioritize actionable controls for securing your software delivery lifecycle. By the end of this course, you’ll have the skills to protect your software pipeline, improve supply chain visibility, and proactively defend against modern build system compromises.
Table of contents
About the author
Alex has spent the past 30 years working as a software developer, application architect, cybersecurity professional, and technical trainer. He is a lifelong learner and holds over 20 active certifications in software development, project management, and cybersecurity. Alex is a CompTIA and Microsoft Certified Trainer and enjoys sharing his knowledge with others. He has taught at Rutgers University (NJ), Bergen Community College (NJ), County College of Morris (NJ), College of Southern Nevada, and UNLV.
More Courses by Alexander