Safeguard
Tag

anchore

Safeguard articles tagged "anchore" — guides, analysis, and best practices for software supply chain and application security.

10 articles

SBOM

What is a Software Bill of Materials (SBOM) — definitions...

What is an SBOM? A plain-language breakdown of definitions, contents, formats (SPDX vs CycloneDX), compliance drivers, and real use cases like Log4Shell and xz-utils.

Mar 29, 20267 min read
SBOM

How to generate an SBOM with free open source tools

Free tools like Syft and Trivy can generate an SBOM in minutes. Here's exactly how, where open source tooling stops scaling, and how Safeguard fills the gap.

Mar 29, 20267 min read
Tools

How Syft scans software to generate SBOMs (under-the-hood...

A deep look at Syft's under-the-hood scanning mechanics — catalogers, binary classifiers, layer squashing, and SBOM formats — and where the single-scan model breaks down at fleet scale.

Mar 28, 20267 min read
Industry Analysis

What is Software Supply Chain Security (SSCS)?

SolarWinds, Log4Shell, and the XZ Utils backdoor show why supply chain security now means more than SBOMs. Here's what SSCS actually covers—and where Anchore's approach falls short.

Mar 27, 20267 min read
Industry Analysis

Best practices for securing the software supply chain

From the xz backdoor to SolarWinds, real incidents show why SBOMs, build provenance, and continuous monitoring matter more than scanning alone.

Mar 26, 20267 min read
DevSecOps

Anchore's approach to DevSecOps (case for shift-left secu...

How Anchore's devsecops approach uses SBOMs and shift-left scanning to catch vulnerabilities early, and why runtime visibility still matters.

Mar 26, 20268 min read
Tools

Grype v0.108 Release Notes Walkthrough

Anchore's Grype shipped v0.108.0 in late 2025 with the new vulnerability database v6 schema, distroless support fixes, and a tightened CPE matcher.

Dec 9, 20255 min read
Tools

Syft v1.20 Release: Faster Scans, Smarter License Detection

Anchore's Syft v1.20 ships a refactored license cataloger, Bitnami SBOM passthrough, and a 2x speedup on filesystem scans. We tested the upgrade on five real codebases.

Sep 18, 20255 min read
Tool Reviews

Anchore Syft: The Go-To Open Source SBOM Generator

A thorough review of Anchore's Syft SBOM generation tool, covering supported formats, language ecosystems, container scanning, and integration patterns.

Jun 8, 20236 min read
SBOM

Generating SBOMs with Syft: The Complete Guide

Syft is the most popular open-source SBOM generator. Here's how to use it effectively for containers, directories, archives, and CI/CD pipelines.

Apr 8, 20226 min read
anchore — Safeguard Blog