iam-todd/sbom-lab
SBOM generation and vulnerability scanning

Generated and analyzed a Software Bill of Materials (SBOM) for Flask using Syft and Grype.


πŸ™‹β€β™‚οΈ About This Project

This was my first time using GitHub, working in the Mac Terminal, and using open source tools like Syft and Grype to generate a Software Bill of Materials (SBOM) and run a vulnerability scan.
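The two-step workflow this README describes (Syft builds the SBOM, Grype scans it) and the triage that follows, as an added example. This is not code from the sbom-lab repo: the `syft dir:… -o cyclonedx-json` and `grype sbom:… -o json` invocations are standard Syft/Grype usage, but the target directory, output file names, helper names (`run_scan`, `summarize`, `exceeds`) and the sample Grype report below are assumptions and constructed data, with placeholder package names and IDs rather than real findings against Flask.

```python
"""Generate an SBOM with Syft, scan it with Grype, and triage the results.

Added example for this README, not code from the sbom-lab repo. The two CLI
invocations are standard Syft/Grype usage; the target path, file names, and
the sample Grype report below are assumptions/constructed data.
"""
import json
import subprocess
from collections import Counter

# Grype's severity labels, lowest to highest (Grype also emits "Unknown").
SEVERITY_ORDER = ["Negligible", "Low", "Medium", "High", "Critical"]


def run_scan(target_dir, sbom_path="sbom.cdx.json", grype_path="grype.json"):
    """Run the two-step pipeline; requires syft and grype on PATH.

    syft dir:<target> -o cyclonedx-json   -> SBOM in CycloneDX JSON
    grype sbom:<sbom> -o json             -> findings as JSON
    """
    with open(sbom_path, "w") as out:
        subprocess.run(["syft", f"dir:{target_dir}", "-o", "cyclonedx-json"],
                       stdout=out, check=True)
    with open(grype_path, "w") as out:
        subprocess.run(["grype", f"sbom:{sbom_path}", "-o", "json"],
                       stdout=out, check=True)
    with open(grype_path) as fh:
        return json.load(fh)


def summarize(report):
    """Count findings per severity and list those with an available fix.

    Reads Grype's JSON layout: matches[].vulnerability{id,severity,fix}
    and matches[].artifact{name,version}.
    """
    counts = Counter()
    fixable = []
    for match in report.get("matches", []):
        vuln = match["vulnerability"]
        art = match["artifact"]
        counts[vuln.get("severity", "Unknown")] += 1
        fix = vuln.get("fix") or {}
        # Only "fixed" entries carry an upgrade target; "not-fixed"/"wont-fix" do not.
        if fix.get("state") == "fixed" and fix.get("versions"):
            fixable.append((art["name"], art["version"], vuln["id"], fix["versions"][0]))
    return counts, fixable


def exceeds(counts, threshold="High"):
    """True if any finding is at or above `threshold` (what `grype --fail-on` gates on)."""
    at_or_above = SEVERITY_ORDER[SEVERITY_ORDER.index(threshold):]
    return any(counts.get(sev, 0) > 0 for sev in at_or_above)


def remediation_lines(fixable):
    """Human-readable upgrade list, one line per fixable finding."""
    return [f"{name} {cur} -> {fixed}  ({vuln_id})" for name, cur, vuln_id, fixed in fixable]


# Constructed sample in Grype's JSON shape; placeholder IDs and package names,
# not real findings against Flask or any other project.
SAMPLE_REPORT = {
    "matches": [
        {"vulnerability": {"id": "EXAMPLE-0001", "severity": "High",
                           "fix": {"versions": ["2.0.1"], "state": "fixed"}},
         "artifact": {"name": "example-lib", "version": "2.0.0", "type": "python"}},
        {"vulnerability": {"id": "EXAMPLE-0002", "severity": "Medium",
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "other-lib", "version": "1.4.2", "type": "python"}},
        {"vulnerability": {"id": "EXAMPLE-0003", "severity": "Low",
                           "fix": {"versions": ["0.9.9"], "state": "fixed"}},
         "artifact": {"name": "third-lib", "version": "0.9.0", "type": "python"}},
    ]
}

if __name__ == "__main__":
    # Offline demo on the constructed sample; swap in run_scan("./flask") for a real target.
    counts, fixable = summarize(SAMPLE_REPORT)
    for sev in reversed(SEVERITY_ORDER):
        if counts.get(sev):
            print(f"{sev:<10} {counts[sev]}")
    print("\n".join(remediation_lines(fixable)))
    print("fail-on High:", exceeds(counts, "High"))
```

Grype's own `--fail-on <severity>` flag makes the CLI exit non-zero when a finding meets that level; `exceeds()` reproduces that gate on the saved JSON so the threshold can be adjusted during review without re-scanning, and `remediation_lines()` separates the findings that can actually be closed by an upgrade from those that cannot yet.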

I relied heavily on ChatGPT to guide me through this process, from identifying a suitable repo to analyze, to generating bash commands, troubleshooting errors, and helping me understand what I was doing every step of the way.

What stood out most was how fast the feedback loop was. I wasn't just copying commands; I was learning why they mattered. That made the experience more meaningful and helped me understand how these tools support risk management, transparency, and open source security. Learning through doing is my preferred method. It helps me internalize concepts, build my lexicon in the security domain, especially around software supply chain risk, and become more self-sufficient, particularly when working with bash commands.

I know ChatGPT can sometimes be wrong or misleading, but nothing in this project gave that impression. It helped me ask better questions, understand each step, and develop confidence in how SBOM and vulnerability analysis works.

I'm using this project as a foundation for an entry-level role in cybersecurity, specifically in C-SCRM, Third-Party Risk, or vulnerability reporting and remediation.
