compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
SBOM automation from creation to scanning & analysis
SBOM generation alone isn't enough. See how continuous SBOM automation — from creation to scanning and analysis — closes the gaps left by point-in-time tools.
What is Software Supply Chain Security (SSCS)?
SolarWinds, Log4Shell, and the XZ Utils backdoor show why supply chain security now means more than SBOMs. Here's what SSCS actually covers—and where Anchore's approach falls short.
India DPDP Act Software Security Implications 2026
A senior engineer's view of the Digital Personal Data Protection Act in 2026: security safeguards, significant data fiduciaries, breach notification, and software controls that actually comply.
Medical Device FDA Supply Chain Cybersecurity 2026
FDA expects supply chain cybersecurity evidence at premarket and through the device lifecycle. Here is what to deliver in 2026 without delaying clearance.
Vulnerability management under the EU Cyber Resilience Ac...
The EU Cyber Resilience Act sets hard deadlines for vulnerability reporting and SBOMs. Here's what changes, when, and how Safeguard stacks up against Anchore.
EU CRA SBOM requirements overview and compliance tips
The EU Cyber Resilience Act makes SBOMs mandatory for connected products by December 2027. Here is what CRA compliance actually requires, and how to prepare.
NIST 800-37 Risk Management Framework explained in plain ...
NIST 800-37's seven-step Risk Management Framework explained in plain English: who must comply, how it ties to FedRAMP and SSDF, and where teams stall.
FedRAMP Continuous Monitoring: Supply Chain Controls
FedRAMP's continuous monitoring requirements now include supply chain risk. Learn how to produce monthly evidence aligned with NIST SP 800-161 controls.
NYDFS 500 Software Supply Chain Implications
A senior engineer's view of how NYDFS Part 500 amendments through 2025 and 2026 reshape software supply chain expectations for regulated financial institutions.
SBOM Quality: Fields Auditors Actually Check
Auditors do not score SBOMs on file count. They check a small set of fields that prove the artefact is real, current, and tied to a verifiable build. Here are the ones that matter.
NIST 800-53 security and privacy controls overview
A breakdown of NIST 800-53 Rev 5's control families, SBOM and supply-chain requirements, and why scanning tools like Anchore cover only a narrow slice of what compliance demands.
UK PSTI Act Consumer IoT: Year-One Review
The UK PSTI Act's first year of enforcement reveals how consumer IoT vendors are struggling with minimum security requirements, password rules, and disclosure policies.