Safeguard
Topic

Compliance

In-depth guides and analysis on compliance from the Safeguard engineering team.

254 articles

Compliance

Why a Customer Trust Center matters for vendor risk reviews

Vendor security reviews stall without a live trust center. See what appsec teams check, how Veracode approaches transparency, and how Safeguard's trust center speeds reviews.

Jun 17, 20267 min read
Compliance

What open source scans miss in M&A due diligence

Open source composition scans like Black Duck catch known packages and licenses — but M&A due diligence needs to catch what those scans miss too.

Jun 15, 20268 min read
Compliance

Open source license compliance and risk management

How to manage open source license risk beyond point-in-time scans: copyleft traps, MongoDB/Elastic relicensing, and why continuous checks beat Black Duck-style audits.

Jun 12, 20267 min read
Compliance

What is an Open Source Audit?

What is an open source audit, how does it compare to Black Duck's point-in-time scans, and why continuous monitoring closes the gap audits leave open.

Jun 9, 20267 min read
Compliance

What are Open Source Licenses?

Open source licenses govern how 96% of modern codebases can legally be used. Here's how license compliance works, where Black Duck's approach falls short, and how to close the gaps.

Jun 9, 20267 min read
Compliance

Sonatype Trust Center and Security Program Overview

Sonatype's trust center offers compliance snapshots on request. Safeguard compares that model to continuous, evidence-based supply chain verification.

Jun 8, 20267 min read
Compliance

ISO 27001 and NIST Framework Alignment for Supply Chain V...

How ISO 27001:2022 and NIST's SSDF, SP 800-161, and CSF 2.0 converge on software supply chain vendors—and where CVE-only scanning tools leave compliance gaps.

Jun 6, 20267 min read
Compliance

SOC 2 Type II vs ISO 27001: what each certification actua...

SOC 2 Type II and ISO 27001 certify different things to different audiences. Here's what each actually covers, and how to evaluate supply chain vendors like JFrog and Safeguard on it.

Jun 1, 20268 min read
Compliance

Anatomy of a trust center: what enterprise buyers should ...

A practical checklist for evaluating vendor trust centers—using JFrog as a reference point—covering SOC 2 scope, SBOM provenance, and disclosure SLAs enterprise buyers often miss.

May 30, 20267 min read
Compliance

Government access request policies: how vendors handle la...

How JFrog and other software supply chain vendors handle law-enforcement subpoenas, and what Safeguard commits to differently on SBOM and metadata requests.

May 29, 20268 min read
Compliance

FTC Safeguards Rule: Enforcement Heats Up in 2026

The FTC finalized 30-day breach notification in 2025 and pursued multi-million-dollar settlements through 2026. Non-bank financial institutions need to take the Rule seriously.

May 27, 20266 min read
Compliance

Open source license management tools: features and best p...

A practical comparison of open source license management tools, contrasting Safeguard and Mend.io on detection, policy enforcement, and SBOM depth.

May 26, 20268 min read
Compliance (Page 4) — Supply Chain Security Blog | Safeguard