SBOM: Software Supply Chain Security Masterclass

Last updated on July 13, 2026 10:44 am
Category:

Description

Are you ready to master Software Bill of Materials (SBOM) and become the supply chain security expert your organisation needs in 2026?Software supply chain attacks increased by 245% year-over-year. SolarWinds, Log4Shell, XZ Utils, and 3CX proved one brutal truth: you cannot defend what you cannot see. SBOM is the visibility layer that changes everything — and organisations that implement it respond to critical CVEs in seconds, not weeks.— What is SBOM and why does it matter right now?A Software Bill of Materials (SBOM) is a machine-readable inventory of every component, library, and dependency inside a software product. Executive Order 14028 requires it for all software sold to the US federal government. The EU Cyber Resilience Act mandates it for all CE-marked products by December 2027. The FDA requires it in premarket submissions for medical devices. SBOM is no longer optional — it is a compliance requirement, a procurement expectation, and a security necessity.Yet 86% of organisations find SBOM generation challenging, and most security teams still lack the skills to implement it correctly. This course closes that gap completely.— What You Will Learn- Understand the full software supply chain threat landscape — SolarWinds, Log4Shell, XZ Utils, 3CX anatomy explained- Generate SBOMs using Syft, Trivy, cdxgen, and CycloneDX build plugins- Master SPDX (ISO/IEC 5962:2021), CycloneDX (ECMA-424), and SWID Tags- Integrate SBOM generation into CI/CD pipelines — GitHub Actions, GitLab CI, Jenkins- Deploy OWASP Dependency-Track for enterprise SBOM management and continuous CVE monitoring- Implement VEX workflows to triage and communicate CVE exploitability status- Enforce open-source license compliance with automated policy gates- Meet EO 14028, NTIA, EU CRA, FDA, and NIST SSDF requirements- Write SBOM contractual language for supplier procurement- Sign SBOMs with cosign (Sigstore) for tamper-evident attestation- Respond to zero-day CVEs and supply chain compromises using SBOM-powered scope determination- Build a mature SBOM program from MVP to Level 4 — with 8 measurable KPIs— Hands-On Labs- Generate your first SBOM in under 5 minutes with Syft- CI/CD pipeline YAML for GitHub Actions and Dependency-Track- Configure policy gates blocking critical CVEs and prohibited licenses- Set up OWASP Dependency-Track with Docker Compose- Apply the 10-point OSS intake checklist- Use the 72-hour CVE response runbook— 13 Modules covering: Threat Landscape · SBOM Fundamentals · SPDX vs CycloneDX · Syft & Trivy Tools · SDLC Integration · Vulnerability Management · License Governance · Regulatory Compliance · Procurement · SBOM Operations · Incident Response · Program Maturity · Certification Path— Regulatory Coverage: EO 14028 · NTIA Minimum Elements · OMB M-22-18 · FDA Cybersecurity · NIST SSDF · EU Cyber Resilience Act · EU NIS2—Enrol now and build the supply chain security visibility your organisation needs — before a CVE forces the question.

Reviews

There are no reviews yet.

Be the first to review “SBOM: Software Supply Chain Security Masterclass”

Your email address will not be published. Required fields are marked *