Safeguard
Topic

SBOM

In-depth guides and analysis on sbom from the Safeguard engineering team.

76 articles

SBOM

CycloneDX vs SPDX: SBOM Format Comparison 2026

A practical CycloneDX vs SPDX comparison for 2026 buyers: schema depth, tool support, regulatory alignment, and which format to pick for which use case.

Apr 14, 20265 min read
SBOM

How to Read a CycloneDX SBOM: A Line-by-Line Walkthrough

A walkthrough of a CycloneDX 1.6 JSON document — metadata, components, services, dependencies, and vulnerabilities — with a real snippet and what to check first.

Apr 13, 20267 min read
SBOM

SBOM standards and formats compared (SPDX vs CycloneDX vs...

SPDX, CycloneDX, and Syft JSON aren't interchangeable. A concrete breakdown of what each format is for, where Anchore's Syft defaults, and how Safeguard handles both.

Mar 30, 20268 min read
SBOM

What is a Software Bill of Materials (SBOM) — definitions...

What is an SBOM? A plain-language breakdown of definitions, contents, formats (SPDX vs CycloneDX), compliance drivers, and real use cases like Log4Shell and xz-utils.

Mar 29, 20267 min read
SBOM

How to generate an SBOM with free open source tools

Free tools like Syft and Trivy can generate an SBOM in minutes. Here's exactly how, where open source tooling stops scaling, and how Safeguard fills the gap.

Mar 29, 20267 min read
SBOM

SBOM automation from creation to scanning & analysis

SBOM generation alone isn't enough. See how continuous SBOM automation — from creation to scanning and analysis — closes the gaps left by point-in-time tools.

Mar 29, 20267 min read
SBOM

Tern SBOM Generation Walkthrough for 2026

A walkthrough of generating SBOMs with Tern in 2026, covering layer-by-layer inspection, CycloneDX output, and practical comparison with Syft.

Mar 28, 20266 min read
SBOM

Tackling SBOM sprawl across an organization

SBOM generation has outpaced SBOM management. Here's why sprawl happens, what it costs in incident response and audits, and how to consolidate it for good.

Mar 28, 20268 min read
SBOM

SBOM GitHub Action / dropping SBOM tooling into CI workflows

Adding an SBOM GitHub Action like Anchore's is easy; making the output useful isn't. Here's what breaks in real CI pipelines and how to fix it.

Mar 28, 20268 min read
SBOM

SBOM Drift Detection Playbook for 2026

A practical playbook for detecting and responding to SBOM drift between source, build, and runtime, with the patterns that separate signal from noise.

Mar 22, 20266 min read
SBOM

CycloneDX 1.7 Migration Guide From 1.5

A practical migration path from CycloneDX 1.5 to 1.7 covering schema changes, machine learning BOM additions, formulation, and the tooling adjustments required.

Mar 22, 20265 min read
SBOM

SPDX 3.0 Feature Overview for 2026

What changed in SPDX 3.0 and the 3.0.1 patch release: the profile model, AI and dataset profiles, serialization choices, and what to migrate first.

Mar 19, 20265 min read
SBOM (Page 2) — Supply Chain Security Blog | Safeguard