Free Security Training on Vulnerability Management, SBOM, and Related Subjects

For registration links, see the blog post:

Announcing Security Training on Vulnerability Management, SBOM, and Related Subjects

This free two-part training (June 3rd and 10th) covers essential cybersecurity practices for developers and project leads.

Day 1 (June 3) Topics:

  • Understanding vulnerability-related terms (CVE, NVD, CVSS)
  • Best practices for vulnerability reporting
  • How to handle security fixes and write CVE entries
  • Tools for vulnerability management (GitLab, GitHub private advisories, security mailing lists)
  • Role of the Eclipse Foundation Security Team

Day 2 (June 10) Topics:

  • Embargoes and coordinated vulnerability disclosure
  • Multi-project vulnerability handling
  • Writing security advisories
  • Dependency evaluation tools
  • Introduction to SBOM (Software Bill of Materials)
  • Generating and storing SBOMs with Eclipse Foundation

You Should Know:

Essential Vulnerability Management Commands & Tools

1. Checking for CVEs in Linux Packages

apt list --upgradable          # Check for outdated packages (Debian/Ubuntu)
yum updateinfo list cves       # List known CVEs fixed by available updates (RHEL/CentOS)

2. Generating an SBOM with Syft

syft scan docker:nginx -o spdx-json=sbom.json    # Generate an SPDX JSON SBOM for a Docker image

3. Analyzing Dependencies for Vulnerabilities

npm audit      # Check Node.js dependencies against the npm advisory database
pip-audit      # Audit installed Python packages against known vulnerabilities

4. Using GitHub Private Advisories

gh api /repos/OWNER/REPO/security-advisories    # List a repository's security advisories (requires GitHub CLI; OWNER/REPO are placeholders)

The GitHub CLI has no built-in `advisory` subcommand; repository security advisories are reached through the REST API via `gh api`.

5. CVSS Score Calculation (Manual Check)

curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-1234" \
  | jq '.vulnerabilities[].cve.metrics.cvssMetricV31[]?.cvssData | {baseScore, baseSeverity, vectorString}'    # Fetch CVSS data from the NVD API

The NVD REST API returns structured JSON, which is more reliable than grepping the HTML detail page; older CVEs may carry only `cvssMetricV2` metrics.

6. Linux Kernel Security Fixes

uname -r                                                          # Show the running kernel version
sudo apt-get update && sudo apt-get install --only-upgrade linux-image-$(uname -r)    # Upgrade the running kernel package (Debian/Ubuntu)

A kernel security release usually ships as a new package name, so upgrading only `linux-image-$(uname -r)` may report nothing to do; upgrading the metapackage (`linux-image-amd64` on Debian, `linux-image-generic` on Ubuntu) pulls in the new kernel, which takes effect after a reboot.

7. Windows Patch Management

Get-HotFix | Sort-Object InstalledOn -Descending    # List installed updates, newest first

What Undercode Say:

Vulnerability management is critical in modern software development. Tools like Syft, Dependency-Check, and GitHub Advisory Database help automate security assessments. Developers must integrate SBOM generation into CI/CD pipelines to track dependencies effectively.
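The point of generating an SBOM in the pipeline is that it can be matched against advisory data without re-scanning the artifact. The following added example (not from the original post or from Syft) reads a constructed SPDX 2.3 JSON excerpt in the shape `syft -o spdx-json` emits, resolves each package's purl to an ecosystem and version, and checks it against a constructed OSV-style advisory list. The advisory IDs and summaries are placeholders, not real vulnerabilities.

```python
import json
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed SPDX 2.3 SBOM excerpt in the shape syft produces; not a real scan result.
SBOM_JSON = r'''
{
  "spdxVersion": "SPDX-2.3",
  "name": "example-image",
  "packages": [
    {"name": "lodash", "versionInfo": "4.17.20",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:npm/lodash@4.17.20"}]},
    {"name": "requests", "versionInfo": "2.31.0",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:pypi/requests@2.31.0"}]},
    {"name": "openssl", "versionInfo": "3.0.11",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:deb/debian/openssl@3.0.11?arch=amd64"}]}
  ]
}
'''

# Constructed OSV-style advisories; IDs are placeholders, not real vulnerability identifiers.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "summary": "constructed: lodash issue fixed in 4.17.21",
     "affected": [{"package": {"ecosystem": "npm", "name": "lodash"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}, {"fixed": "4.17.21"}]}]}]},
    {"id": "EXAMPLE-0002", "summary": "constructed: requests issue fixed in 2.20.0",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "requests"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}, {"fixed": "2.20.0"}]}]}]},
]

# purl type -> OSV ecosystem name (assumed mapping for the three types used here).
PURL_TO_OSV = {"npm": "npm", "pypi": "PyPI", "deb": "Debian"}


def parse_purl(locator: str) -> Tuple[str, str, str]:
    """Return (ecosystem, name, version) from a purl, dropping qualifiers and subpath."""
    body = locator[len("pkg:"):].split("#", 1)[0].split("?", 1)[0]
    path, _, version = body.rpartition("@")
    segments = [unquote(s) for s in path.split("/")]
    ptype, rest = segments[0], segments[1:]
    # npm scoped packages keep their namespace (e.g. @scope/name); others use the last segment.
    name = "/".join(rest) if ptype == "npm" and len(rest) > 1 else rest[-1]
    return PURL_TO_OSV.get(ptype, ptype), name, version


def version_key(v: str) -> Tuple[int, ...]:
    """Dotted numeric version -> comparable tuple; non-numeric tails are ignored."""
    return tuple(int(m.group(1)) for m in (re.match(r"(\d+)", part) for part in v.split(".")) if m)


def is_affected(version: str, ranges: List[Dict]) -> bool:
    """Walk OSV ECOSYSTEM range events in order; the last matching event decides."""
    vk = version_key(version)
    for rng in ranges:
        if rng.get("type") != "ECOSYSTEM":
            continue
        affected = False
        for event in rng["events"]:
            if "introduced" in event and vk >= version_key(event["introduced"]):
                affected = True
            if "fixed" in event and vk >= version_key(event["fixed"]):
                affected = False
            if "last_affected" in event and vk > version_key(event["last_affected"]):
                affected = False
        if affected:
            return True
    return False


def match_sbom(sbom_json: str, advisories: List[Dict]) -> List[Tuple[str, str]]:
    """Return (purl, advisory id) pairs for SBOM packages inside an affected range."""
    sbom = json.loads(sbom_json)
    hits = []
    for pkg in sbom.get("packages", []):
        purls = [r["referenceLocator"] for r in pkg.get("externalRefs", [])
                 if r.get("referenceType") == "purl"]
        for purl in purls:
            ecosystem, name, version = parse_purl(purl)
            for adv in advisories:
                for aff in adv["affected"]:
                    p = aff["package"]
                    if (p["ecosystem"], p["name"]) == (ecosystem, name) and is_affected(version, aff["ranges"]):
                        hits.append((purl, adv["id"]))
    return hits


if __name__ == "__main__":
    for purl, adv_id in match_sbom(SBOM_JSON, ADVISORIES):
        print(f"{purl} is affected by {adv_id}")
```

In a pipeline the same matching runs on the stored SBOM each time the advisory feed changes, so a newly published issue is caught without rebuilding or rescanning the image; purls are the join key, which is why the SBOM should carry them.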

Expected Output:

  • A structured SBOM in SPDX or CycloneDX format
  • A list of vulnerable dependencies from `npm audit` or `pip-audit` (and of those patched, after `npm audit fix` or `pip-audit --fix`)
  • Updated Linux/Windows systems with the latest security patches

Prediction:

As open-source adoption grows, automated SBOM generation and AI-driven CVE detection will become standard in DevOps pipelines. Companies ignoring vulnerability management will face increased breach risks.

Reported By: Mrybczynska Announcing – Hackers Feeds