Build Controls for Supply Chain Security

What you'll learn

Modern attackers increasingly target the systems that build and deliver software, not just the software itself. In this course, Build Controls for Supply Chain Security, you'll learn how to harden your development environment and CI/CD pipelines against tampering, dependency attacks, and integrity failures. First, you’ll explore how to secure build environments by enforcing least privilege, controlling developer and system access, and implementing tamper-evident pipelines with signed and verifiable artifacts. Next, you’ll learn how to manage open-source and third-party dependencies with security in mind—automating vulnerability detection, evaluating risk based on reputation and maintenance, and applying policies for dependency approval and monitoring. Then, you’ll discover how to integrate Software Bills of Materials (SBOMs) into your SDLC. You’ll generate SBOMs automatically during builds, track component lineage, and use SBOMs for compliance and incident response workflows. Finally, you'll examine secure build frameworks, including SLSA, NIST SSDF, and CIS supply chain guidance, to learn how to assess your current maturity and prioritize actionable controls for securing your software delivery lifecycle. By the end of this course, you’ll have the skills to protect your software pipeline, improve supply chain visibility, and proactively defend against modern build system compromises.