SBOM Deep Dive
RCCE students will learn Software Bill of Materials creation, management, and security analysis including SBOM formats (SPDX, CycloneDX), dependency enumeration, vulnerability correlation, and license compliance. RCCE students will learn to generate SBOMs from source code and container images, analyze SBOM contents for known vulnerabilities, track dependency health across software portfolios, integrate SBOM generation into CI/CD pipelines, respond to newly disclosed vulnerabilities by querying SBOMs across the organization, comply with SBOM requirements from government regulations and customer contracts, and use SBOMs to improve software supply chain visibility and risk management. This deep-dive course provides comprehensive technical coverage that goes beyond surface-level understanding. At an expert level, RCCE students will learn to master the nuances, edge cases, and advanced configurations that separate competent practitioners from true experts. Students will engage with complex real-world scenarios and gain the depth of knowledge required to troubleshoot difficult situations, mentor junior team members, and make architectural decisions with confidence.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing SBOM Deep Dive
- Execute hands-on tasks for sbom deep dive
- Execute hands-on tasks for software bill of materials: creation, management & security analysis
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will master
- Execute hands-on tasks for key attributes — covering Machine-readable format.
- Execute hands-on tasks for business drivers — covering Executive Order 14028 mandate.
- Execute hands-on tasks for technical drivers — covering Transitive dependency visibility.
- Execute hands-on tasks for sbom lifecycle management
- Explain SPDX Overview fundamentals — covering ISO/IEC 5962:2021 international standard, Linux Foundation governed specification.
- Explain Linux Foundation governed specification fundamentals
- Execute hands-on tasks for iso/iec 5962:2021 international standard — covering Linux Foundation governed specification.
- Execute hands-on tasks for key sections — covering Document Creation Information, Package Information & relationships.
| Module 01 | SBOM Deep Dive |
| Module 02 | Software Bill of Materials: Creation, Management & Security Analysis |
| Module 03 | Course Overview |
| Module 04 | What You Will Master |
| Module 05 | Key Attributes |
| Module 06 | Business Drivers |
| Module 07 | Technical Drivers |
| Module 08 | SBOM Lifecycle Management |
| Module 09 | SPDX Overview |
| Module 10 | Linux Foundation governed specification |
| Module 11 | ISO/IEC 5962:2021 international standard |
| Module 12 | Key Sections |
| Module 13 | Document Creation Information |
| Module 14 | CycloneDX Overview |
All hands-on labs run on Rocheston Rose X OS. Students practice sbom deep dive by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for sbom deep dive
- Lab 2: Execute hands-on tasks for software bill of materials: creation, management & security analysis
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Execute hands-on tasks for what you will master
- Lab 5: Execute hands-on tasks for key attributes
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for SBOM Deep Dive, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI