The metadata you want is called a Software Bill of Materials, and there are a range of tools for generating them. Some generic ones include Trivy and Grype, but you may also find some for your language ecosystem by Googling ’ + SBOM’.
One tool you can use to view these versions with a web UI is OWASP Dependency-Track.
All of the tools mentioned and linked above are F/OSS.
For general Unix skills, get him a laptop and help him install a Linux distro on it. Show him a few different desktop environments, buy him a Linux magazine with a DVD and articles or projects. Then just let him try whatever he wants and promise to be there to help him fix whatever he breaks (by pointing him to docs, belong him write good forum questions, helping him revise search queries, etc.). These skills are perhaps a bit simpler to pick up but can eventually grow into scripting and programming skills.
For programming, start with simple programming exercises or koans, and maybe give him prizes (like a quarter or a piece of candy or something) when he solves them. Let him solve lots of similar problems/puzzles over and over as he builds his confidence; rather than pushing him to harder material, just offer harder material with higher rewards. You’ll probably have to write your own exercises at first, like just translating arithmetic expressions from a notation he’s learning in school to one used by whatever programming language you’re working in together. Eventually, you can start to do online exercises together.
Once he has been messing with this stuff for a year or two, revisit fundamentals by working through a carefully selected introductory textbook together. You can include shell scripts at this point to tie the Unix stuff and programming stuff together, and maybe use a good Linux magazine or Learn Enough Developer Tools to Be Dangerous as the ‘textbook’ for that side. Then he’ll at least know basic version control and surrounding tools.
After you’ve gone through a chunk of those basics together— full mastery is not required— sign up for an introductory programming class together at the local community college. Taking it together, you can make sure he’s keeping up with the material, encourage him to ask questions, and help him with homework if necessary. If you want, you can also do this with networking or systems administration.
This is based on some things that my dad did with me, including a couple of community college classes we took together. (Idr exactly how old I was during those classes, but I think it was before I started high school.)
The fact of running an OS and other software that spies on you is proof against being ‘privacy focused’. And many cybersecurity professionals use Windows at home, have dozens of devices with always-on microphones all throughout their house, use a host of cloud-based home automation, etc. It’s just not true that working in cybersecurity means you do much to preserve your privacy.
And in practice today, privacy and security are in tension when it comes to desktop OS choice. macOS has a more destructive security model than most Linux distros, better suited to running proprietary software from untrusted sources. But compared to *BSD along with many Linux distros, macOS is also absolutely teeming with telemetry and cloud-centric functionality. In a word, macOS is more secure but less private. That many cybersecurity professionals would take that tradeoffs doesn’t at all show that macOS has better privacy than Linux.