Safeguard
Topic

SBOM

In-depth guides and analysis on sbom from the Safeguard engineering team.

76 articles

SBOM

CISA Minimum Elements for SBOM: 2026 Update

A clear walkthrough of CISA's 2026 revisions to the minimum elements for SBOM, what changed from the original NTIA baseline, and how to bring your outputs into compliance.

Mar 4, 20266 min read
SBOM

SBOM Generation: Syft, Tern, Trivy Compared (2026)

An engineer's side-by-side of Syft, Tern, and Trivy for SBOM generation in 2026, with honest notes on accuracy, performance, and where each tool actually fits.

Mar 4, 20267 min read
SBOM

SBOM-Driven Due Diligence for M&A

How SBOMs have become a standard input to technical due diligence for software acquisitions, what acquirers actually look for, and how sellers should prepare.

Mar 4, 20267 min read
SBOM

SBOMs for Firmware and IoT Devices: The Hard Problem

Generating accurate SBOMs for firmware and IoT devices remains one of the toughest challenges in supply chain security. Here's the current state of the art.

Feb 25, 20266 min read
SBOM

How to set up SBOM generation in a CI pipeline

Learn how to build an SBOM generation CI pipeline with Syft and GitHub Actions, covering scanning, signing, storage, and verification for supply chain visibility.

Feb 21, 20268 min read
SBOM

OpenVEX vs. CycloneDX VEX: Which to Pick

A direct comparison of OpenVEX and CycloneDX VEX in 2026, covering spec differences, tooling support, and the operational tradeoffs that actually affect your choice.

Feb 11, 20266 min read
SBOM

SBOM Enrichment and Vulnerability Correlation: Turning Inventory into Intelligence

A raw SBOM is a parts list. An enriched SBOM is a risk assessment. Here's how to bridge the gap.

Feb 8, 20266 min read
SBOM

SBOM Ingestion at Scale: An Architecture Guide

A pragmatic architecture for ingesting, normalizing, and querying hundreds of thousands of SBOMs across an enterprise or agency, without drowning in noise.

Feb 4, 20267 min read
SBOM

SBOM Distribution Patterns: TEA, VEX, and the Last Mile in 2026

How SBOMs actually move between producers and consumers in 2026, what TEA and VEX are solving, and the distribution patterns that hold up in production.

Jan 22, 20265 min read
SBOM

Generating and exporting a software bill of materials in AWS

A practical walkthrough for generating and exporting an AWS SBOM using Inspector and ECR -- plus troubleshooting tips and how Safeguard helps.

Jan 19, 20267 min read
SBOM

Generating SBOMs and provenance with GCP Artifact Analysis

A step-by-step guide to GCP SBOM generation using Artifact Analysis: scan container images, export SPDX/CycloneDX SBOMs, and attach SLSA provenance attestations.

Jan 11, 20267 min read
SBOM

Medical device firmware SBOM and coordinated vulnerabilit...

How medical device firmware SBOMs, FDA Section 524B, ISO 81001-5-1, and coordinated vulnerability disclosure work together to secure connected IoMT devices.

Jan 1, 20267 min read
SBOM (Page 3) — Supply Chain Security Blog | Safeguard