Rigorous trainer selection
Each trainer is validated on three criteria: hands-on field expertise, proven pedagogy and alignment with your industry.
- Triple validation: technical, pedagogical, sectoral.
- Minimum rating 4.8/5 over the last 12 sessions.
Learning objectives
- Master SBOM generation for professional certifying projects
- Develop skills in vulnerability analysis via SBOM in the enterprise
- Implement SBOM integration into secure CI/CD pipelines
- Design SBOM strategies for regulatory compliance
- Optimize software component traceability with advanced tools
- Deploy actionable SBOMs for audits and rapid remediation
The Learni story
Founded by passionate learning and innovation experts, Learni's mission is to make professional training accessible to everyone, anywhere in the world. Our team operates in major hubs — London, New York, Boston — and internationally, to support talents and organizations in upskilling.
Don't let this gap widen
Why this program matters
Without this upskilling, your team accumulates a technological gap that translates directly into productivity loss.
Organizations that don't train their talents on key topics see their competitiveness drop.
Every quarter without training is a gap widening with competitors who invest.
The cost of inaction quickly exceeds that of well-targeted training.
Program
Module 1SBOM Fundamentals: Standards and Initial Generation (SPDX, CycloneDX, Syft Tools)
Dive into SBOM standards like SPDX and CycloneDX to understand their structure and professional utility. Install open-source tools such as Syft and Trivy, generate your first SBOM from a real project, analyze its composition in components and dependencies, perform practical exercises on enterprise applications, produce an annotated SBOM deliverable ready for audit, with immediate trainer feedback to consolidate your skills.
Module 2SBOM Analysis: Vulnerability Detection and Risks (OWASP, CVE, Advanced Scanning)
Leverage SBOMs to scan vulnerabilities with tools like Grype and Dependency-Track, map CVEs to your software components, simulate supply chain attacks on real-world cases inspired by Log4Shell, prioritize risks using CVSS scoring, integrate enriched metadata for optimal traceability, develop a customized analysis report, apply collaborative remote exercises to quickly identify critical vulnerabilities in your professional projects.
Module 3SBOM Integration: CI/CD Pipelines and Automation (GitHub Actions, Jenkins, GitLab)
Integrate automatic SBOM generation into your CI/CD workflows using GitHub Actions and Jenkins, configure pipelines for continuous compliance validation, test SBOM export to platforms like Sonatype or Anchore, manage dynamic dependency updates, implement blocking security gates, work on an enterprise ongoing project, produce reusable scripts and monitoring dashboards, enhancing your DevSecOps teams' efficiency.
Module 4Advanced SBOM Management: Compliance and Inter-Enterprise Sharing (SLSA, Executive Order)
Master regulatory requirements like Executive Order 14028 and SLSA for certifying SBOMs, digitally sign your SBOMs with cosign and in-toto, securely share them via registries like Sigstore, audit third-party supply chains, develop enterprise remediation policies, apply multi-vendor practical cases, generate actionable compliance reports, transforming your skills into a strategic asset for Qualiopi certification and beyond.
Module 5SBOM Optimization: Real Cases and Production Deployment (Monitoring, Remediation)
Deploy SBOMs in production with continuous monitoring via Open Policy Agent, simulate real incidents to test resilience, optimize SBOM size and performance for scalable environments, integrate AI to predict emerging risks, finalize your ongoing project with live deployment, receive expert code review, export enterprise-ready deliverables, conclude with personalized strategies for proactive and cost-effective software security.
Evaluation method
- Multiple-choice quiz to validate learning outcomes at the end of the training
- Continuous assessment through practical SBOM exercises
- Presentation of the ongoing SBOM project to the trainer
Learning method
- Courses led by an active DevSecOps expert trainer
- Hands-on exercises on real enterprise cases with SBOM
- Progressive ongoing project throughout the training
- Complete course materials provided to each participant
Methods, materials and delivery
The Training SBOM - Securing the Software Supply Chain program is delivered onsite or remote (blended-learning, e-learning, virtual classroom, remote presence). At Learni, an industry-certified training organization, every program is built to maximize skills acquisition regardless of the chosen format.
The trainer alternates between demonstrative, interrogative and active methods (through hands-on labs and/or scenarios). This pedagogical approach guarantees concrete learning that's immediately applicable at work.
Equipment required
For the smooth delivery of the Training SBOM - Securing the Software Supply Chain program, the following equipment is required:
- Mac or PC computers, high-speed fiber internet, whiteboard or flipchart, projector or interactive touch screen (for remote sessions)
- Training environments installed on workstations or accessible online
- Course materials, hands-on exercises and complementary resources
- Post-training access to materials and educational resources
For intra-company training on a site outside Learni, the client commits to providing all required teaching materials (computers, internet, etc.) for the smooth delivery of the program in line with the prerequisites in the communicated program.
* contact us for remote delivery feasibility** ratio varies depending on the program
Skills assessment methods
Assessment of skills acquired during the Training SBOM - Securing the Software Supply Chain program is performed through:
- During training: case studies, hands-on labs and professional scenarios
- End of training: self-assessment questionnaire and skills evaluation by the trainer
- After training: completion certificate detailing acquired skills
Program accessibility
Learni is committed to making its programs accessible. All our programs are accessible to people with disabilities. Our teams are available to adapt the pedagogical methods to your specific needs. Please contact us for any adjustment request.
Enrollment terms and lead times
Learni programs are available inter-company and intra-company, onsite or remote. Enrollments are possible up to 48 business hours before the program starts. Our programs are eligible for corporate funding paths. Contact us to discuss your training project and funding options.
Verified reviews
What our learners
★★★★★
« cool, j'ai appris des trucs »
★★★★★
« j'etais perdu au debut mais Ramy Saharaoui m'a pas laché, il a pris le temps. merci vraiment »
★★★★★
« la formation dev etait intense mais grave bien. merci Anthony Khelil »
★★★★★
« 😊👍 »
★★★★★
« bien 👍 »
★★★★★
« Allan Busi t'es au top, continue comme ça. formation géniale »
★★★★★
« cool, j'ai appris des trucs »
★★★★★
« j'etais perdu au debut mais Ramy Saharaoui m'a pas laché, il a pris le temps. merci vraiment »
★★★★★
« la formation dev etait intense mais grave bien. merci Anthony Khelil »
★★★★★
« 😊👍 »
★★★★★
« bien 👍 »
★★★★★
« Allan Busi t'es au top, continue comme ça. formation géniale »
★★★★★
« cool, j'ai appris des trucs »
★★★★★
« j'etais perdu au debut mais Ramy Saharaoui m'a pas laché, il a pris le temps. merci vraiment »
★★★★★
« la formation dev etait intense mais grave bien. merci Anthony Khelil »
★★★★★
« 😊👍 »
★★★★★
« bien 👍 »
★★★★★
« Allan Busi t'es au top, continue comme ça. formation géniale »
Our method
Training quality, guaranteed at every step
Before, during, after: we frame the brief, introduce the trainer, tailor the content and measure impact. You stay in control from kickoff to wrap-up.
You meet the trainer beforehand
30-minute video call between you and the selected trainer to validate the fit, adjust content and clear any final doubts.
- Live briefing on goals and team context.
- Veto right — we swap the trainer for free if needed.
Content tailored to your context
No recycled slides. The syllabus is reworked from your real cases: tools, constraints, vocabulary, ongoing projects.
- Hands-on cases drawn from your stack and projects.
- Program co-written then validated by your team.
Continuous quality follow-up
Live evaluations, 30/90/180-day check-ins and a consolidation plan. If the impact misses the mark, we rework it.
- NPS, knowledge quizzes and skills self-assessment.
- Satisfaction guarantee: fully satisfied or free rework.
A simple promise: you don't pay to discover the trainer on day one. Everything is validated upfront, by you.
Développement Web
More programs in Développement Web.
Développement WebIndustry-certifiedAPNs Training - Expert Scaling iOS Push Notifications
$2,640Net · employer-funded
Développement WebIndustry-certifiedASP.NET Core : Maîtriser le Développement Web Moderne
$6,600Net · employer-funded
Développement WebIndustry-certifiedATDD : Maîtriser l’Acceptance Test Driven Development en équipes agiles
$3,960Net · employer-funded
Développement WebIndustry-certifiedAWS IoT Core : Maîtrisez la gestion intelligente des objets connectés
$3,960Net · employer-funded
Développement WebIndustry-certifiedAWS Security Hub : Maîtriser la sécurité cloud avec AWS
$2,640Net · employer-funded
Développement WebIndustry-certifiedAccélérer vos modèles d’Intelligence Artificielle avec OpenVINO : de l’optimisation à la mise en production
$3,960Net · employer-funded
DevOps
More programs in DevOps.
DevOpsIndustry-certifiedAdvanced Ansible Training - Automate Your Infrastructure in 35 Hours
$6,300Net · employer-funded
DevOpsIndustry-certifiedAdvanced CircleCI Training - Master Complex CI/CD Pipelines
$1,260Net · employer-funded
DevOpsIndustry-certifiedAdvanced Consul Training - Deploy Resilient Services in Production
$2,520Net · employer-funded
DevOpsIndustry-certifiedAdvanced Consul Training - Secure Your Distributed Services
$6,300Net · employer-funded
DevOpsIndustry-certifiedAdvanced Drone CI Training - Master Open-Source CI/CD Pipelines
$2,520Net · employer-funded
DevOpsIndustry-certifiedAdvanced ELK Stack Training - Optimize Logs and Alerts in Production
$5,040Net · employer-funded
Cybersécurité
More programs in Cybersécurité.
CybersécuritéIndustry-certifiedAdministration et Analyse de la Sécurité avec ArcSight SIEM : Maîtriser la Supervision des Incidents
$3,960Net · employer-funded
CybersécuritéIndustry-certifiedAnalyse Binaire Avancée avec Ghidra : Maîtriser la rétro-ingénierie pour la cybersécurité
$3,960Net · employer-funded
CybersécuritéIndustry-certifiedAnalyse et Extraction de Firmwares avec Binwalk : Maîtriser un Outil Incontournable en Reverse Engineering
$1,320Net · employer-funded
CybersécuritéIndustry-certifiedApprendre John the Ripper : Expert en Audit et Sécurité des Mots de Passe
$2,640Net · employer-funded
CybersécuritéIndustry-certifiedAudit de Sécurité Web : Maîtriser Nikto pour l’Analyse des Vulnérabilités HTTP
$1,320Net · employer-funded
CybersécuritéIndustry-certifiedBlue Team Tools : Maîtriser les Outils Essentiels de la Cyberdéfense
$3,960Net · employer-funded
Intelligence Artificielle
More programs in Intelligence Artificielle.
Intelligence ArtificielleIndustry-certifiedASP.NET Expert Training - Develop Scalable and Secure Apps
$5,040Net · employer-funded
Intelligence ArtificielleIndustry-certifiedAdvanced ASP.NET Training - Develop Scalable Web Apps
$5,040Net · employer-funded
Intelligence ArtificielleIndustry-certifiedAdvanced Algolia Training - Boost Your Ultra-Fast Searches
$1,260Net · employer-funded
Intelligence ArtificielleIndustry-certifiedAdvanced Algolia Training - Optimize Ultra-Fast Searches
$3,780Net · employer-funded
Intelligence ArtificielleIndustry-certifiedAdvanced BigQuery Training - Analyze Petabytes in Real Time
$5,040Net · employer-funded
Intelligence ArtificielleIndustry-certifiedAdvanced BigQuery Training - Optimize Massive Analyses
$3,780Net · employer-funded
Your professional training, anywhere
Let's build
your next
program.
30 minutes with a learning advisor. No commitment. No sales pitch dressed up as a demo.
Reply within 24 h · Industry-certified · Corporate funding