© 2026 UdemyXpert. All rights reserved.

SBOM: Software Supply Chain Security Masterclass1 hour agoIT & Software
[100% OFF] SBOM: Software Supply Chain Security Masterclass

Master CycloneDX, SPDX, EO 14028, EU Cyber Resilience Act & Syft — with hands-on labs using OWASP Dependency-Track

Star0
Users29 students
Clock2h total length
English
$0$14.99100% OFF

Course Description

Are you ready to master Software Bill of Materials (SBOM) and become the supply chain security expert your organisation needs in 2026?


Software supply chain attacks increased by 245% year-over-year. SolarWinds, Log4Shell, XZ Utils, and 3CX proved one brutal truth: you cannot defend what you cannot see. SBOM is the visibility layer that changes everything — and organisations that implement it respond to critical CVEs in seconds, not weeks.


---

What is SBOM and why does it matter right now?


A Software Bill of Materials (SBOM) is a machine-readable inventory of every component, library, and dependency inside a software product. Executive Order 14028 requires it for all software sold to the US federal government. The EU Cyber Resilience Act mandates it for all CE-marked products by December 2027. The FDA requires it in premarket submissions for medical devices. SBOM is no longer optional — it is a compliance requirement, a procurement expectation, and a security necessity.


Yet 86% of organisations find SBOM generation challenging, and most security teams still lack the skills to implement it correctly. This course closes that gap completely.


---

What You Will Learn


- Understand the full software supply chain threat landscape — SolarWinds, Log4Shell, XZ Utils, 3CX anatomy explained

- Generate SBOMs using Syft, Trivy, cdxgen, and CycloneDX build plugins

- Master SPDX (ISO/IEC 5962:2021), CycloneDX (ECMA-424), and SWID Tags

- Integrate SBOM generation into CI/CD pipelines — GitHub Actions, GitLab CI, Jenkins

- Deploy OWASP Dependency-Track for enterprise SBOM management and continuous CVE monitoring

- Implement VEX workflows to triage and communicate CVE exploitability status

- Enforce open-source license compliance with automated policy gates

- Meet EO 14028, NTIA, EU CRA, FDA, and NIST SSDF requirements

- Write SBOM contractual language for supplier procurement

- Sign SBOMs with cosign (Sigstore) for tamper-evident attestation

- Respond to zero-day CVEs and supply chain compromises using SBOM-powered scope determination

- Build a mature SBOM program from MVP to Level 4 — with 8 measurable KPIs


---

Hands-On Labs


- Generate your first SBOM in under 5 minutes with Syft

- CI/CD pipeline YAML for GitHub Actions and Dependency-Track

- Configure policy gates blocking critical CVEs and prohibited licenses

- Set up OWASP Dependency-Track with Docker Compose

- Apply the 10-point OSS intake checklist

- Use the 72-hour CVE response runbook


---

13 Modules covering: Threat Landscape · SBOM Fundamentals · SPDX vs CycloneDX · Syft & Trivy Tools · SDLC Integration · Vulnerability Management · License Governance · Regulatory Compliance · Procurement · SBOM Operations · Incident Response · Program Maturity · Certification Path


---

Regulatory Coverage: EO 14028 · NTIA Minimum Elements · OMB M-22-18 · FDA Cybersecurity · NIST SSDF · EU Cyber Resilience Act · EU NIS2


---

Enrol now and build the supply chain security visibility your organisation needs — before a CVE forces the question.

Similar Courses