Advertisements

SBOM: Software Supply Chain Security Masterclass

Advertisements
Master CycloneDX, SPDX, EO 14028, EU Cyber Resilience Act & Syft — with hands-on labs using OWASP Dependency-Track
1
1/5
(52) Ratings
29 students
Created by Armaan Sidana
Advertisements

What you'll learn

  • Generate and validate SBOMs in CycloneDX and SPDX formats using Syft, Trivy, and OWASP Dependency-Track for real-world software projects.
  • Identify and remediate supply chain vulnerabilities by mapping CVEs, transitive dependencies, and malicious packages inside SBOMs
  • Implement SBOM programs that satisfy NTIA, EO 14028, FDA, and EU Cyber Resilience Act compliance requirements for regulated industries
  • Build an end-to-end SBOM pipeline with automated ingestion, continuous monitoring, vendor risk scoring, and executive-ready reporting
This course includes:
2.5 total hours on-demand video
0 articles
0 downloadable resources
13 lessons
Full lifetime access
Access on mobile and TV
Certificate of completion
Advertisements

Course content

Requirements

  • Basic understanding of software development or IT security concepts — no SBOM or supply chain experience required
  • Familiarity with the command line (Linux/Windows) is helpful but not mandatory — all tools are demonstrated step by step.
  • No prior knowledge of SBOM standards (SPDX, CycloneDX) needed — everything is taught from the ground up with real examples
  • Security professionals, developers, DevOps engineers, and compliance officers will all find this course immediately applicable

Description

Are you ready to master Software Bill of Materials (SBOM) and become the supply chain security expert your organisation needs in 2026?

Software supply chain attacks increased by 245% year-over-year. SolarWinds, Log4Shell, XZ Utils, and 3CX proved one brutal truth: you cannot defend what you cannot see. SBOM is the visibility layer that changes everything — and organisations that implement it respond to critical CVEs in seconds, not weeks.

What is SBOM and why does it matter right now?

A Software Bill of Materials (SBOM) is a machine-readable inventory of every component, library, and dependency inside a software product. Executive Order 14028 requires it for all software sold to the US federal government. The EU Cyber Resilience Act mandates it for all CE-marked products by December 2027. The FDA requires it in premarket submissions for medical devices. SBOM is no longer optional — it is a compliance requirement, a procurement expectation, and a security necessity.

Yet 86% of organisations find SBOM generation challenging, and most security teams still lack the skills to implement it correctly. This course closes that gap completely.

What You Will Learn

– Understand the full software supply chain threat landscape — SolarWinds, Log4Shell, XZ Utils, 3CX anatomy explained

– Generate SBOMs using Syft, Trivy, cdxgen, and CycloneDX build plugins

– Master SPDX (ISO/IEC 5962:2021), CycloneDX (ECMA-424), and SWID Tags

– Integrate SBOM generation into CI/CD pipelines — GitHub Actions, GitLab CI, Jenkins

– Deploy OWASP Dependency-Track for enterprise SBOM management and continuous CVE monitoring

– Implement VEX workflows to triage and communicate CVE exploitability status

– Enforce open-source license compliance with automated policy gates

– Meet EO 14028, NTIA, EU CRA, FDA, and NIST SSDF requirements

– Write SBOM contractual language for supplier procurement

– Sign SBOMs with cosign (Sigstore) for tamper-evident attestation

– Respond to zero-day CVEs and supply chain compromises using SBOM-powered scope determination

– Build a mature SBOM program from MVP to Level 4 — with 8 measurable KPIs

Hands-On Labs

– Generate your first SBOM in under 5 minutes with Syft

– CI/CD pipeline YAML for GitHub Actions and Dependency-Track

– Configure policy gates blocking critical CVEs and prohibited licenses

– Set up OWASP Dependency-Track with Docker Compose

– Apply the 10-point OSS intake checklist

– Use the 72-hour CVE response runbook

13 Modules covering: Threat Landscape · SBOM Fundamentals · SPDX vs CycloneDX · Syft & Trivy Tools · SDLC Integration · Vulnerability Management · License Governance · Regulatory Compliance · Procurement · SBOM Operations · Incident Response · Program Maturity · Certification Path

Regulatory Coverage: EO 14028 · NTIA Minimum Elements · OMB M-22-18 · FDA Cybersecurity · NIST SSDF · EU Cyber Resilience Act · EU NIS2

Enrol now and build the supply chain security visibility your organisation needs — before a CVE forces the question.

Who this course is for:

  • Security engineers and DevSecOps professionals who need to implement SBOM pipelines, automate vulnerability tracking, and meet supply chain compliance mandates like EO 14028 or the EU Cyber Resilience Act
  • Software developers and architects who want to understand dependency risks, integrate SBOM generation into CI/CD workflows, and ship more secure, auditable code
  • GRC analysts, compliance officers, and CISOs responsible for vendor risk management, software procurement policies, or regulated industry requirements (FDA, DORA, NIS2)
  • IT professionals and ethical hackers pursuing supply chain security skills — including detection of malicious packages, transitive dependency exploitation, and third-party risk assessment
Advertisements
54EFF44127C434C068C5
Advertisements
Advertisements
Free Online Courses with Certificates
Logo
Register New Account