Is the training Qualiopi certified?

Yes, Learni is a Qualiopi-certified training organization. This certification guarantees the quality of our courses and enables funding through OPCO and other mechanisms.

How can I fund my training?

Our courses are eligible for OPCO funding. Learni supports you through the funding process. A personalized quote is available upon request.

What are the prerequisites for this training?

The prerequisites for the Training SLSA Framework - Securing Professional Supply Chains training are: Expertise in CI/CD (GitHub Actions, Jenkins, GitLab CI), mastery of SBOMs, provenance, and advanced supply chain threats. A preliminary interview validates your eligibility.

Is the training available in person?

Yes, the Training SLSA Framework - Securing Professional Supply Chains training is available in distanciel. The format can be adapted to your needs (inter, intra, custom).

Training SLSA Framework - Securing Professional… | Learni

The story of Learni

Founded by passionate advocates of learning and innovation, Learni set out to make professional training accessible to everyone, everywhere in the world. Our team works in the largest cities such as Paris, Lyon, Marseille, and internationally, to support talents and organizations in their skills development.

Configure your training

Response within 24hNo commitment100% free

9 spots remaining for the next session

FormatParticipantsDateDetails

Which format do you prefer?

Methods, approaches, and teaching resources

The Training SLSA Framework - Securing Professional Supply Chains training is delivered in-person or remotely (blended-learning, e-learning, virtual classroom, remote in-person). At Learni, a Qualiopi-certified training organization, each program is designed to maximize skills acquisition, regardless of the training mode chosen.

The trainer alternates between demonstrative, interrogative, and active methods (through practical exercises and/or real-world scenarios). This pedagogical approach ensures concrete and directly applicable learning in the workplace.

Teaching resources provided

To ensure the quality of the Training SLSA Framework - Securing Professional Supply Chains training, Learni provides the following teaching resources:

Mac or PC computers, high-speed fiber internet, whiteboard or flipchart, video projector or interactive touchscreen (for remote sessions)
Training environments installed on workstations or accessible online
Course materials, practical exercises, and supplementary resources
Post-training access to materials and teaching resources

For in-house training at a location external to Learni, the client ensures and commits to having all necessary teaching materials (IT equipment, internet connection...) for the proper conduct of the training action in accordance with the prerequisites indicated in the communicated training program.

* contact us for remote feasibility** ratio varies depending on the training followed

Assessment methods

The assessment of skills acquired during the Training SLSA Framework - Securing Professional Supply Chains training is carried out through:

During training: case studies, practical exercises, and professional scenarios
At the end of training: self-assessment questionnaire and skills evaluation by the trainer
After training: training completion certificate detailing acquired skills

Training accessibility

Learni is committed to the accessibility of its professional training programs. All our training programs are accessible to people with disabilities. Our teams are available to adapt teaching methods to your specific needs. Do not hesitate to contact us for any accommodation request.

Training objectives

Master the SLSA framework to audit and secure professional pipelines

Implement SLSA levels 1-3 in enterprise CI/CD environments

Develop certified skills in software artifact verification

Design scalable SLSA architectures compliant with security standards

Optimize SLSA processes to prevent supply chain attacks in production

Deploy SLSA with open-source tools for proactive team security

Training program

Module 1SLSA Fundamentals: Understanding the Framework and Supply Chain Threats (Levels 1-4, SLSA Specs)

Dive into the principles of the SLSA framework through analyses of famous breaches like SolarWinds and Log4j, identify concrete risks in your current pipelines, set up a test environment with GitHub Actions and Rekor to verify provenance, perform an initial audit of your Git repo, produce an SLSA maturity report with actionable recommendations to immediately boost professional security.

Module 2SLSA Level 1: Implementing Basic Versioning and Integrity (Git Tags, Cosign Signatures)

Apply SLSA Level 1 to real workflows by signing Git commits and tags with GPG and Cosign, integrate automated checks in GitHub Actions to validate source integrity, test on an enterprise red thread project, generate verifiable SLSA attestations, optimize existing pipelines for quick compliance, deliver a ready-to-deploy workflow with code review by the expert trainer.

Module 3SLSA Level 2: Securing CI/CD Builds (SLSA Provenance, In-Toto Attestations)

Advance to Level 2 by instrumenting pipelines with In-Toto and GitHub SLSA to attest build provenance, deploy secure ephemeral runners via Docker and Kubernetes, simulate injection attacks to validate controls, integrate Syft and Grype to scan dependencies, build a complete SBOM linked to SLSA, export auditable evidence for enterprise compliance teams.

Module 4SLSA Level 3: Advanced Architecture and Scalability (SLSA Verifier, Multi-Environments)

Design Level 3 SLSA architectures with verifiers like SLSA Verifier and Fulcio for a complete chain of trust, migrate Jenkins or GitLab pipelines to SLSA compliance, manage hybrid cloud/on-prem environments, perform exercises on critical enterprise cases, automate continuous audits with OPA/Gatekeeper, produce a deployable blueprint to accelerate organizational security at scale.

Module 5Expert SLSA: Audits, Optimization, and Certification (SLSA Best Practices, Real Enterprise Cases)

Finalize your expertise by auditing a complete pipeline with advanced SLSA tools like Sigstore and Tensor, optimize for performance without compromising security, analyze real enterprise incidents to extract lessons learned, prepare for SLSA certification through simulations, deploy your red thread project in a simulated production environment, receive a personalized action plan for sustainable SLSA integration and to leverage your certified skills.