Safeguard
Tag

compliance

Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.

435 articles

Industry Analysis

Automotive software security (connected/autonomous vehicles)

UN R155 and R156 are now mandatory for every vehicle sold in the EU, Japan, and Korea. Here's what automotive software security compliance actually requires, and where Black Duck falls short.

Jun 10, 20267 min read
Compliance

What is an Open Source Audit?

What is an open source audit, how does it compare to Black Duck's point-in-time scans, and why continuous monitoring closes the gap audits leave open.

Jun 9, 20267 min read
Compliance

What are Open Source Licenses?

Open source licenses govern how 96% of modern codebases can legally be used. Here's how license compliance works, where Black Duck's approach falls short, and how to close the gaps.

Jun 9, 20267 min read
Compliance

Sonatype Trust Center and Security Program Overview

Sonatype's trust center offers compliance snapshots on request. Safeguard compares that model to continuous, evidence-based supply chain verification.

Jun 8, 20267 min read
AI Security

Governments banning AI models: security implications for teams

Governments banned DeepSeek and other AI models in 2025 within days. Here's the security supply-chain risk teams face and how to find and fix it fast.

Jun 7, 20266 min read
SBOM

From SBOMs to AI BOMs: SPDX 3.0 Explained

SPDX 3.0 adds a formal AI profile for documenting ML models and datasets. Here's what changed, how it compares to CycloneDX, and why it matters now.

Jun 6, 20268 min read
AI Security

Anthropic Claude Enterprise security features overview

Claude Enterprise ships strong SSO, SCIM, audit logging, and SOC 2/ISO compliance — but its controls stop at the API boundary, leaving code and dependencies exposed.

Jun 6, 20266 min read
Compliance

ISO 27001 and NIST Framework Alignment for Supply Chain V...

How ISO 27001:2022 and NIST's SSDF, SP 800-161, and CSF 2.0 converge on software supply chain vendors—and where CVE-only scanning tools leave compliance gaps.

Jun 6, 20267 min read
SBOM

Sonatype SBOM Manager Overview

A concrete look at Sonatype SBOM Manager — its origins, pricing model, VEX support, and common adoption gaps — for teams evaluating an SBOM manager tool.

Jun 5, 20266 min read
AI Security

AI & LLM Governance for Software Development

Sonatype flags bad packages after the fact. Here's what AI governance for software development requires, and how Safeguard tracks models and output together.

Jun 4, 20268 min read
Compliance

SOC 2 Type II vs ISO 27001: what each certification actua...

SOC 2 Type II and ISO 27001 certify different things to different audiences. Here's what each actually covers, and how to evaluate supply chain vendors like JFrog and Safeguard on it.

Jun 1, 20268 min read
AI Security

AI governance frameworks: managing risk in AI-built software

AI governance frameworks like NIST AI RMF and the EU AI Act now govern AI-built software. Here's what they require, and where JFrog's artifact-first approach falls short.

May 31, 20267 min read
compliance (Page 7) — Safeguard Blog