* Cantinho Satkeys

Refresh History
  • FELISCUNHA: Votos de um santo domingo para todo o auditório  k8h9m
    Hoje às 10:44
  • JP: try65hytr Pessoal  4tj97u<z  2dgh8i k7y8j0
    14 de Julho de 2026, 05:28
  • j.s.: ghyt74 a todos
    13 de Julho de 2026, 08:29
  • cereal killa: try65hytr pessoal  r4v8p 4tj97u<z
    08 de Julho de 2026, 22:21
  • JP: dgtgtr Pessoal 4tj97u<z 2dgh8i k7y8j0 r4v8p
    07 de Julho de 2026, 18:29
  • j.s.: tenham um bom domingo  4tj97u<z
    05 de Julho de 2026, 09:39
  • j.s.: ghyt74 a todos  49E09B4F
    05 de Julho de 2026, 09:38
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0 r4v8p xe4s
    03 de Julho de 2026, 04:43
  • cereal killa: try65hytr pessoal,esta calor do karago  r4v8p 43e5r6
    01 de Julho de 2026, 22:01
  • j.s.: try65hytr a todos  49E09B4F
    30 de Junho de 2026, 21:02
  • JP: try65hytr Pessoal  4tj97u<z  2dgh8i k7y8j0 r4v8p
    30 de Junho de 2026, 05:31
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0 classic
    26 de Junho de 2026, 05:05
  • cereal killa: ghyt74 e continuaçao bom sao joao  wwd46l0'
    24 de Junho de 2026, 12:16
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0 xe4s
    24 de Junho de 2026, 04:05
  • FELISCUNHA: ghyt74   4tj97u<z e bom São João  h7i37
    23 de Junho de 2026, 10:55
  • j.s.: dgtgtr a todos  49E09B4F
    20 de Junho de 2026, 15:51
  • FELISCUNHA: ghyt74   49E09B4F  e bom fim de semana  4tj97u<z
    20 de Junho de 2026, 11:31
  • JP: try65hytr Pessoal  4tj97u<z 2dgh8i k7y8j0
    19 de Junho de 2026, 04:41
  • romi: Beleza
    19 de Junho de 2026, 04:28
  • cereal killa: try65hytr pessoal  2dgh8i
    18 de Junho de 2026, 23:28

Autor Tópico: SBOM Software Supply Chain Security Masterclass  (Lida 8 vezes)

0 Membros e 1 Visitante estão a ver este tópico.

Online WAREZBLOG

  • Moderador Global
  • ***
  • Mensagens: 15299
  • Karma: +0/-0
SBOM Software Supply Chain Security Masterclass
« em: 17 de Julho de 2026, 09:15 »

SBOM Software Supply Chain Security Masterclass
Published 7/2026
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz, 2 Ch
Language: English | Duration: 2h 17m | Size: 1016.22 MB
Master CycloneDX, SPDX, EO 14028, EU Cyber Resilience Act & Syft - with hands-on labs using OWASP Dependency-Track
What you'll learn

Generate and validate SBOMs in CycloneDX and SPDX formats using Syft, Trivy, and OWASP Dependency-Track for real-world software projects.
Identify and remediate supply chain vulnerabilities by mapping CVEs, transitive dependencies, and malicious packages inside SBOMs
Implement SBOM programs that satisfy NTIA, EO 14028, FDA, and EU Cyber Resilience Act compliance Requirements for regulated industries
Build an end-to-end SBOM pipeline with automated ingestion, continuous monitoring, vendor risk scoring, and executive-ready reporting
Requirements
Basic understanding of software development or IT security concepts - no SBOM or supply chain experience required
Familiarity with the command line (Linux/Windows) is helpful but not mandatory - all tools are demonstrated step by step.
No prior knowledge of SBOM standards (SPDX, CycloneDX) needed - everything is taught from the ground up with real examples
Security professionals, developers, DevOps engineers, and compliance officers will all find this course immediately applicable
Description
Are you ready to master Software Bill of Materials (SBOM) and become the supply chain security expert your organisation needs in 2026?
Software supply chain attacks increased by 245% year-over-year. SolarWinds, Log4Shell, XZ Utils, and 3CX proved one brutal truth: you cannot defend what you cannot see. SBOM is the visibility layer that changes everything - and organisations that implement it respond to critical CVEs in seconds, not weeks.
---
What is SBOM and why does it matter right now?
A Software Bill of Materials (SBOM) is a machine-readable inventory of every component, library, and dependency inside a software product. Executive Order 14028 requires it for all software sold to the US federal government. The EU Cyber Resilience Act mandates it for all CE-marked products by December 2027. The FDA requires it in premarket submissions for medical devices. SBOM is no longer optional - it is a compliance requirement, a procurement expectation, and a security necessity.
Yet 86% of organisations find SBOM generation challenging, and most security teams still lack the skills to implement it correctly. This course closes that gap completely.
---
What You Will Learn
- Understand the full software supply chain threat landscape - SolarWinds, Log4Shell, XZ Utils, 3CX anatomy explained
- Generate SBOMs using Syft, Trivy, cdxgen, and CycloneDX build plugins
- Master SPDX (ISO/IEC 5962:2021), CycloneDX (ECMA-424), and SWID Tags
- Integrate SBOM generation into CI/CD pipelines - GitHub Actions, GitLab CI, Jenkins
- Deploy OWASP Dependency-Track for enterprise SBOM management and continuous CVE monitoring
- Implement VEX workflows to triage and communicate CVE exploitability status
- Enforce open-source license compliance with automated policy gates
- Meet EO 14028, NTIA, EU CRA, FDA, and NIST SSDF Requirements
- Write SBOM contractual language for supplier procurement
- Sign SBOMs with cosign (Sigstore) for tamper-evident attestation
- Respond to zero-day CVEs and supply chain compromises using SBOM-powered scope determination
- Build a mature SBOM program from MVP to Level 4 - with 8 measurable KPIs
---
Hands-On Labs
- Generate your first SBOM in under 5 minutes with Syft
- CI/CD pipeline YAML for GitHub Actions and Dependency-Track
- Configure policy gates blocking critical CVEs and prohibited licenses
- Set up OWASP Dependency-Track with Docker Compose
- Apply the 10-point OSS intake checklist
- Use the 72-hour CVE response runbook
---
13 Modules covering: Threat Landscape · SBOM Fundamentals · SPDX vs CycloneDX · Syft & Trivy Tools · SDLC Integration · Vulnerability Management · License Governance · Regulatory Compliance · Procurement · SBOM Operations · Incident Response · Program Maturity · Certification Path
---
Regulatory Coverage: EO 14028 · NTIA Minimum Elements · OMB M-22-18 · FDA Cybersecurity · NIST SSDF · EU Cyber Resilience Act · EU NIS2
---
Enrol now and build the supply chain security visibility your organisation needs - before a CVE forces the question.
Who this course is for
Security engineers and DevSecOps professionals who need to implement SBOM pipelines, automate vulnerability tracking, and meet supply chain compliance mandates like EO 14028 or the EU Cyber Resilience Act
Software developers and architects who want to understand dependency risks, integrate SBOM generation into CI/CD workflows, and ship more secure, auditable code
GRC analysts, compliance officers, and CISOs responsible for vendor risk management, software procurement policies, or regulated industry Requirements (FDA, DORA, NIS2)
IT professionals and ethical hackers pursuing supply chain security skills - including detection of malicious packages, transitive dependency exploitation, and third-party risk assessment
Recommend Download Link Hight Speed | Please Say Thanks Keep Topic Live
No Password  - Links are Interchangeable