Your software contains 150+ dependencies you didn’t write, don’t maintain, and can’t fully audit—yet you’re accountable for every vulnerability they introduce. Organizations implementing comprehensive SBOM strategies detect supply chain compromises in minutes instead of days—or worse, after a breach.
Anchore has been leading the SBOM charge for almost a decade, providing educational resources, tools and insights to help organizations secure their software supply chains. To help organizations navigate this critical aspect of software development, we’re excited to announce SBOM Learning Week!
Each day of the week we will be publishing a new blog post that provides an overview of how to progress on your SBOM educational journey. By the end of the week, you will have a full learning path laid out to guide you from SBOM novice to SBOM expert.
Why SBOM Learning Week, Why Now?
With recent executive orders (e.g., EO 14028) mandating SBOMs for federal software vendors and industry standards increasingly recommending their adoption, organizations across sectors are racing to weave SBOMs into their software development lifecycle. However, many still struggle with fundamental questions:
- What exactly is an SBOM and why does it matter?
- How do I generate, manage, and leverage SBOMs effectively?
- How do I scale SBOM practices across a large organization?
- What do leading experts predict for the future of SBOM adoption?
- How do SBOMs integrate with existing security and development practices?
SBOM Learning Week answers these questions through a carefully structured learning journey designed for both newcomers and experienced practitioners.
What to Expect Each Day
Monday: SBOM Fundamentals
We’ll start with the fundamentals, exploring what SBOMs are, why they matter, and the key standards that define them. This foundational knowledge will prepare you for the more advanced topics to come.
Tuesday: Technical Deep-dives
Day two focuses on hands-on implementation, with practical guidance for generating SBOMs using open source tools, integrating them into CI/CD pipelines, and examining how SBOM generation actually works under the hood.
Wednesday: DevOps-Scale SBOM Management
Moving beyond initial implementation, we’ll explore how organizations can scale their SBOM practices across enterprise environments, featuring real-world examples from companies like Google.
Thursday: SBOM Insights on LLMs, Compliance Attestations and Security Mental Models
On day four, we’ll share insights from industry thought leaders on how software supply chain security and SBOMs are adapting to LLMs, how SBOMs are better thought of as compliance data containers than supply chain documents, and how SBOMs and vulnerability scanners fit into existing developer mental models.
Friday: SBOMs as the Crossroad of the Software Supply Chain
We’ll conclude by examining how SBOMs intersect with DevSecOps, open source security, and regulatory compliance, providing a holistic view of how SBOMs fit into the broader security landscape.
Join Us on This Learning Journey
Whether you’re a security leader looking to strengthen your organization’s defenses, a developer seeking to integrate security into your workflows, or an IT professional responsible for compliance, SBOM Learning Week offers valuable insights for your role.
Each day’s post will build on the previous content, creating a comprehensive resource you can reference as you develop and mature your organization’s SBOM initiative. We’ll also be monitoring comments and questions on our social channels (LinkedIn, BlueSky, X) throughout the week to help clarify concepts and address specific challenges you might face.
Mark your calendars and join us starting Monday as we embark on this exploration of one of today’s most important cybersecurity technologies. The journey to a more secure software supply chain begins with understanding what’s in your code—and SBOM Week will show you exactly how to get there.
Don’t want to miss a day? Subscribe to our newsletter for updates or follow us on LinkedIn, X or BlueSky to get notifications as each post is published.