SBOM
In-depth guides and analysis on sbom from the Safeguard engineering team.
76 articles
SBOM adoption in underwriting and actuarial software
Insurers price risk with software built on unvetted open-source code. Here's how SBOM underwriting software closes that blind spot.
SBOM for automotive ECU firmware and embedded software
How automotive ECU firmware SBOMs help OEMs and suppliers track embedded components, manage vehicle firmware vulnerabilities, and secure OTA updates.
SBOM requirements for industrial control systems (ICS/SCADA)
ICS/SCADA SBOM requirements are colliding with 20-year-old control systems that predate software transparency mandates. Here's what's required, why, and how to close the gap.
Best SBOM management and analysis platforms
A practical buyer's guide to SBOM management platforms in 2026 -- evaluation criteria plus an honest look at six real vendors and where each one falls short.
AI-Generated SBOMs: How Accurate Are They?
LLMs can now generate SBOMs from source code and documentation. We tested five AI SBOM generators against traditional tools to measure accuracy, completeness, and reliability.
Container SBOM Generation: Best Practices for 2025
Container images are multi-layered artifacts that challenge SBOM generators. Here is how to generate comprehensive, accurate SBOMs for containerized applications.
SBOM Interoperability: Bridging CycloneDX and SPDX
Your suppliers send SPDX. Your tools expect CycloneDX. Interoperability between SBOM formats is a real operational challenge. Here is how to solve it.
How Snyk Container generates a Software Bill of Materials...
How Snyk Container statically scans image layers, parses OS package databases and lockfiles, and exports CycloneDX/SPDX SBOMs — mechanically explained.
How Snyk AI-BOM's continuous refresh model differs from a...
How Snyk's AI-BOM keeps model and dataset inventories current through continuous refresh, and why that differs mechanically from a point-in-time static SBOM export.
Binary SBOM Analysis: Creating Software Bills of Materials Without Source Code
Not all software comes with source code. Binary analysis techniques can extract component information from compiled artifacts, firmware, and commercial software to produce SBOMs where traditional tools cannot.
SBOM Quality Metrics: Moving Beyond Completeness
Most SBOM quality discussions stop at completeness. Real quality requires measuring accuracy, freshness, depth, and actionability. Here is a practical framework.
Why 'We Have an SBOM' Isn't the Same as 'We Are Secure'
An SBOM tells you what's in your software, not whether it's safe. Here's why inventory alone can't stop supply chain attacks like XZ Utils or SolarWinds.