Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Compliance

FedRAMP vulnerability scanning requirements explained

FedRAMP mandates monthly vulnerability scans and 30-day remediation windows. Here's what Rev 5 requires, and why minimal images like Chainguard's don't exempt you.

Apr 1, 20267 min read
Compliance

Simplify PCI DSS 4.0 compliance with hardened containers

PCI DSS 4.0's 30-day patch clock is brutal for container-heavy CDEs. Here's how hardened, minimal images cut CVE noise and make audits defensible.

Mar 31, 20268 min read
Compliance

White House M-22-18 SBOM Attestation Update

OMB M-22-18 and the CISA Secure Software Self-Attestation form continue to evolve. Here is what producers and federal buyers must change in 2026.

Mar 31, 20268 min read
Compliance

CMMC 2.0 compliance for containerized workloads

CMMC 2.0 enforcement is phasing in through 2028. Hardened container images help, but 35+ of 110 NIST 800-171 controls need continuous evidence Chainguard's approach doesn't cover.

Mar 31, 20268 min read
Compliance

SOC 2 and the hardened software supply chain

SOC 2 attests to internal controls, not to whether a hardened image or build pipeline is secure. Here is how Chainguard's approach fits, and what it does not cover.

Mar 31, 20268 min read
Industry Analysis

Insurance Claims Platform Supply Chain Program

Insurance claims platforms run on document AI, fraud detection, and integrations to thousands of vendors. Here is the supply chain program that fits.

Mar 30, 20266 min read
Regulatory Compliance

SLSA v1.1 Framework Update: What's New

SLSA v1.1 sharpens the build track, adds a source track draft, and clarifies attestation semantics. Here is the practical guide for security teams.

Mar 30, 20266 min read
Regulatory Compliance

Using Reachability To Defend SOC 2 Audit Decisions

An auditor asks why you didn't fix CVE-X. The defensible answer involves reachability evidence. Without it, the conversation gets uncomfortable.

Mar 30, 20263 min read
Regulatory Compliance

CMMC 2.0 Rollout: Where Deadlines Actually Are

A senior engineer's guide to where CMMC 2.0 deadlines actually sit in 2026, what assessors are looking for, and how supply chain controls fit into the certification path.

Mar 29, 20267 min read
SBOM & Compliance

CycloneDX vs SPDX: Which Format For Your Program

A senior-engineer comparison of CycloneDX and SPDX in 2026, covering field coverage, tooling, AI-BOM support, VEX, and the practical trade-offs for your programme.

Mar 29, 20266 min read
Regulatory Compliance

PCI DSS 4.0 Software Security Evidence Flow

PCI DSS 4.0 raises the bar for software security and supplier oversight. Learn how to satisfy Requirement 6 and 12.8 with continuous supply chain evidence.

Mar 29, 20267 min read
Buyer's Guides

Anchore vs. Snyk / Wiz / Sysdig / Aqua / Chainguard posit...

Evaluating Anchore alternatives? See how Safeguard, Snyk, Wiz, Sysdig, Aqua, and Chainguard actually differ on SBOM, runtime, and compliance.

Mar 29, 20269 min read
compliance (Page 15) — Safeguard Blog