Hands-On SBOM
RCCE students will learn Software Bill of Materials creation, management, and security analysis including SBOM formats (SPDX, CycloneDX), dependency enumeration, vulnerability correlation, and license compliance. RCCE students will learn to generate SBOMs from source code and container images, analyze SBOM contents for known vulnerabilities, track dependency health across software portfolios, integrate SBOM generation into CI/CD pipelines, respond to newly disclosed vulnerabilities by querying SBOMs across the organization, comply with SBOM requirements from government regulations and customer contracts, and use SBOMs to improve software supply chain visibility and risk management. This practice-intensive course emphasizes applied skills through lab exercises, real-world scenarios, and production-realistic workflows. Starting from foundational concepts, RCCE students will learn by doing, building muscle memory and practical confidence through repeated hands-on engagement. Students complete exercises that mirror actual workplace tasks, ensuring skills transfer directly to their professional roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Hands-On SBOM
- Execute hands-on tasks for software bill of materials: creation, management & security analysis
- Explain Course Overview & Learning Objectives fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for course structure — covering Skills You Will Build.
- Execute hands-on tasks for modern apps
- Execute hands-on tasks for avg dependencies
- Execute hands-on tasks for per project
- Execute hands-on tasks for supply chain attacks
- Execute hands-on tasks for key drivers — covering Executive Order 14028 mandates SBOMs.
- Execute hands-on tasks for business impact — covering Faster vulnerability response times.
- Execute hands-on tasks for software supply chain fundamentals
- Execute hands-on tasks for source code → dependencies → build system →
| Module 01 | Software Bill of Materials: Creation, Management & Security Analysis |
| Module 02 | Course Overview & Learning Objectives |
| Module 03 | What You Will Learn |
| Module 04 | Course Structure |
| Module 05 | Modern Apps |
| Module 06 | Avg Dependencies |
| Module 07 | Per Project |
| Module 08 | Supply Chain Attacks |
| Module 09 | Key Drivers |
| Module 10 | Business Impact |
| Module 11 | Software Supply Chain Fundamentals |
| Module 12 | Source Code → Dependencies → Build System → |
| Module 13 | Upstream Components |
| Module 14 | Build & Distribution |
All hands-on labs run on Rocheston Rose X OS. Students practice hands-on sbom by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for software bill of materials: creation, management & security analysis
- Lab 2: Explain Course Overview & Learning Objectives fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for course structure
- Lab 5: Execute hands-on tasks for modern apps
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Hands-On SBOM, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI