Is the training Qualiopi certified?

Yes, Learni is a Qualiopi-certified training organization. This certification guarantees the quality of our courses and enables funding through OPCO and other mechanisms.

How can I fund my training?

Our courses are eligible for OPCO funding. Learni supports you through the funding process. A personalized quote is available upon request.

What are the prerequisites for this training?

The prerequisites for the Training SLSA Framework - Securing Professional CI/CD Pipelines training are: Proficiency in CI/CD (GitHub Actions, Jenkins), Docker, and supply chain security basics. A preliminary interview validates your eligibility.

Is the training available in person?

Yes, the Training SLSA Framework - Securing Professional CI/CD Pipelines training is available in remote. The format can be adapted to your needs (inter, intra, custom).

Training SLSA Framework - Securing Professional ... | Learni

The story of Learni

Founded by passionate advocates of learning and innovation, Learni set out to make professional training accessible to everyone, everywhere in the world. Our team works in the largest cities such as Paris, Lyon, Marseille, and internationally, to support talents and organizations in their skills development.

Configure your training

Response within 24hNo commitment100% free

9 spots remaining for the next session

FormatParticipantsDateDetails

Which format do you prefer?

Methods, approaches, and teaching resources

The Training SLSA Framework - Securing Professional CI/CD Pipelines training is delivered in-person or remotely (blended-learning, e-learning, virtual classroom, remote in-person). At Learni, a Qualiopi-certified training organization, each program is designed to maximize skills acquisition, regardless of the training mode chosen.

The trainer alternates between demonstrative, interrogative, and active methods (through practical exercises and/or real-world scenarios). This pedagogical approach ensures concrete and directly applicable learning in the workplace.

Teaching resources provided

To ensure the quality of the Training SLSA Framework - Securing Professional CI/CD Pipelines training, Learni provides the following teaching resources:

Mac or PC computers, high-speed fiber internet, whiteboard or flipchart, video projector or interactive touchscreen (for remote sessions)
Training environments installed on workstations or accessible online
Course materials, practical exercises, and supplementary resources
Post-training access to materials and teaching resources

For in-house training at a location external to Learni, the client ensures and commits to having all necessary teaching materials (IT equipment, internet connection...) for the proper conduct of the training action in accordance with the prerequisites indicated in the communicated training program.

* contact us for remote feasibility** ratio varies depending on the training followed

Assessment methods

The assessment of skills acquired during the Training SLSA Framework - Securing Professional CI/CD Pipelines training is carried out through:

During training: case studies, practical exercises, and professional scenarios
At the end of training: self-assessment questionnaire and skills evaluation by the trainer
After training: training completion certificate detailing acquired skills

Training accessibility

Learni is committed to the accessibility of its professional training programs. All our training programs are accessible to people with disabilities. Our teams are available to adapt teaching methods to your specific needs. Do not hesitate to contact us for any accommodation request.

Training objectives

Master SLSA levels for secure professional CI/CD pipelines

Implement SLSA controls in certifying enterprise environments

Develop SLSA audit skills on real software artifacts

Design SLSA-compliant workflows with open-source tools

Optimize supply chains against supply chain attacks

Deploy automated SLSA verifications in production

Integrate SLSA framework into enterprise security strategies

Training program

Module 1SLSA Fundamentals: Principles and Maturity Levels (SLSA 1-4, Verification Tools)

Dive into the basics of the SLSA framework through interactive workshops, analyze the 4 security levels for CI/CD pipelines, configure tools like slsa-verifier and secure GitHub Actions, perform manual audits on open-source projects, produce initial compliance reports, apply concrete SolarWinds attack cases to anchor lasting professional skills.

Module 2SLSA Level 2: Implementing Source and Build Controls (Git Integrity, Provenance)

Get hands-on with practical exercises on SLSA Level 2, integrate Git tags and cryptographic signatures into your repositories, deploy reproducible builders via Bazel or Nix, test SLSA metadata generation on Docker artifacts, simulate code injection attacks to validate defenses, generate compliant deliverables ready for enterprise audits, boost pipeline efficiency starting tomorrow.

Module 3SLSA Level 3: Automating Dependencies and Verifications (Rekor, Cosign)

Advance to SLSA Level 3 with intensive labs, automate dependency scans using SLSA provenance and tools like Sigstore Rekor, integrate Cosign for container signatures, analyze complex multi-stage CI/CD chains, resolve real-world Log4j breach cases, produce compliance dashboards for DevSecOps teams, transform your practices into a secure fortress.

Module 4Advanced SLSA: Audits and Level 4 Compliance (SLSA Verifier, Enterprise CI/CD)

Reach SLSA Level 4 expertise through advanced simulations, deploy slsa-verifier on Jenkins or GitLab pipelines, audit end-to-end workflows with cryptographic proofs, integrate SLSA into enterprise zero-trust strategies, handle simulated supply chain incidents, develop certifying policies for regulatory compliance, deliver a project portfolio demonstrating immediate security ROI.

Module 5SLSA Deployment: Optimization and Enterprise Cases (Production Integration, Monitoring)

Conclude by applying the SLSA framework to your capstone project, optimize verification performance without slowing deployments, integrate continuous monitoring with Prometheus and SLSA alerts, share group experiences, finalize personalized action plans for your organization, receive validated competency certificates, leave ready to secure supply chains at industrial scale.