Essentials of SBOM
RCCE students will learn Software Bill of Materials creation, management, and security analysis including SBOM formats (SPDX, CycloneDX), dependency enumeration, vulnerability correlation, and license compliance. RCCE students will learn to generate SBOMs from source code and container images, analyze SBOM contents for known vulnerabilities, track dependency health across software portfolios, integrate SBOM generation into CI/CD pipelines, respond to newly disclosed vulnerabilities by querying SBOMs across the organization, comply with SBOM requirements from government regulations and customer contracts, and use SBOMs to improve software supply chain visibility and risk management. This essentials course covers the core knowledge needed to operate competently in this domain. Starting from foundational concepts, RCCE students will learn the fundamental concepts, terminology, risks, and defenses that form the foundation for all further study and professional practice. Students build a solid knowledge base that prepares them for more advanced courses and real-world security responsibilities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Essentials of SBOM
- Execute hands-on tasks for software bill of materials: creation, management & security analysis
- Execute hands-on tasks for supply chain attacks — covering SolarWinds breach (2020).
- Execute hands-on tasks for regulatory pressure — covering US Executive Order.
- Execute hands-on tasks for global supply chain regulations now require sboms
- Execute hands-on tasks for component name
- Execute hands-on tasks for version string
- Execute hands-on tasks for supplier info — covering Package identifier.
- Explain SBOM Formats Overview fundamentals — covering CycloneDX, OWASP flagship project.
- Explain Linux Foundation stewardship fundamentals — covering CycloneDX, OWASP flagship project.
- Execute hands-on tasks for spdx format deep dive
- Execute hands-on tasks for document structure — covering Document Creation Info section, Package Information blocks.
- Execute hands-on tasks for document creation info section — covering Package Information blocks.
| Module 01 | Software Bill of Materials: Creation, Management & Security Analysis |
| Module 02 | Supply Chain Attacks |
| Module 03 | Regulatory Pressure |
| Module 04 | Global supply chain regulations now require SBOMs |
| Module 05 | Component Name |
| Module 06 | Version String |
| Module 07 | Supplier Info |
| Module 08 | SBOM Formats Overview |
| Module 09 | Linux Foundation stewardship |
| Module 10 | SPDX Format Deep Dive |
| Module 11 | Document Structure |
| Module 12 | Document Creation Info section |
| Module 13 | FilesAnalyzed, PackageChecksum |
| Module 14 | CycloneDX Format Deep Dive |
All hands-on labs run on Rocheston Rose X OS. Students practice essentials of sbom by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for software bill of materials: creation, management & security analysis
- Lab 2: Execute hands-on tasks for supply chain attacks
- Lab 3: Execute hands-on tasks for regulatory pressure
- Lab 4: Execute hands-on tasks for global supply chain regulations now require sboms
- Lab 5: Execute hands-on tasks for component name
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Essentials of SBOM, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI