Learn SBOM from the Ground Up

Structured courses, interactive exercises, and certification prep for SBOM practitioners.


Course Curriculum

01  What is an SBOM?
4 lessons, 45 min
  • 1 Introduction to Software Supply Chains
  • 2 What Does an SBOM Contain?
  • 3 Why Organizations Need SBOMs
  • 4 SBOM Regulatory Landscape

02  SBOM Formats: SPDX & CycloneDX
5 lessons, 1h 15 min
  • 1 Overview of SBOM Standards
  • 2 SPDX Document Structure
  • 3 CycloneDX Components & Services
  • 4 Comparing SPDX and CycloneDX
  • 5 Choosing the Right Format

03  Generating SBOMs in CI/CD
3 lessons, 50 min
  • 1 SBOM Generation Tools Overview
  • 2 Integrating Syft & Trivy in Pipelines
  • 3 Automating SBOM Attestation

04  Vulnerability Matching & VEX
3 lessons, 55 min
  • 1 Understanding CVEs and CPEs
  • 2 VEX: Vulnerability Exploitability Exchange
  • 3 Correlating SBOMs with Vulnerability Databases

Key Concept: Software Bill of Materials

An SBOM is a formal, machine-readable inventory of software components and dependencies — including libraries, versions, and licensing. Think of it as a nutrition label for software, enabling organizations to identify and manage supply-chain risk.

Practice Zone

Exercise: Identify the Components

Examine the following SBOM snippet and identify the direct dependencies:

"components": [
  { "name": "express", "version": "4.18.2" },
  { "name": "lodash", "version": "4.17.21" },
  { "name": "axios", "version": "1.6.0" }
]
