Creating and Mantaining an SBOM with BlackDuck SCA with

In this session, you’ll learn how to generate, manage, and continuously maintain a Software Bill of Materials (SBOM) using BlackDuck Software Composition Analysis (SCA).

This hands-on mentoring session will cover:

-Introduction to SBOM and its importance for security, compliance, and EU CRA/NTIA standards
-Setting up BlackDuck Detect CLI or integrations with build tools (e.g., Maven, Gradle, npm)
-Generating SBOMs in CycloneDX and SPDX formats
-Automating SBOM scans in CI/CD pipelines.
-Mapping SBOMs to CVEs, licenses, and policy violations
-Best practices for SBOM lifecycle management and compliance reporting

Perfect for DevSecOps engineers, AppSec specialists, and compliance professionals who want to implement secure and traceable open-source governance.

I’m Najib Radzuan, a DevOps/DevSecOps Architect with over 16 years of hands-on experience helping individuals and organizations adopt secure and scalable engineering practices. I’ve served in diverse roles—from developer to DevOps engineer to solution manager—across cloud and on-prem environments.

My passion lies in mentoring professionals in career transformation, especially those transitioning into DevOps and DevSecOps roles. I provide practical, real-time guidance in CI/CD, infrastructure as code, and secure software delivery.

I’m well-versed in tools and platforms like Azure, AWS, Alibaba Cloud, Terraform, Ansible, and Git-based automation. Whether you're building your first pipeline or need enterprise-level architecture advice, I’m here to help you upskill, gain confidence, and succeed.

Let’s bridge the gap between where you are and where you want to be in your DevSecOps journey.