compliance
Safeguard articles tagged "compliance" — guides, analysis, and best practices for software supply chain and application security.
435 articles
Automotive software security (connected/autonomous vehicles)
UN R155 and R156 are now mandatory for every vehicle sold in the EU, Japan, and Korea. Here's what automotive software security compliance actually requires, and where Black Duck falls short.
What is an Open Source Audit?
What is an open source audit, how does it compare to Black Duck's point-in-time scans, and why continuous monitoring closes the gap audits leave open.
What are Open Source Licenses?
Open source licenses govern how 96% of modern codebases can legally be used. Here's how license compliance works, where Black Duck's approach falls short, and how to close the gaps.
Sonatype Trust Center and Security Program Overview
Sonatype's trust center offers compliance snapshots on request. Safeguard compares that model to continuous, evidence-based supply chain verification.
Governments banning AI models: security implications for teams
Governments banned DeepSeek and other AI models in 2025 within days. Here's the security supply-chain risk teams face and how to find and fix it fast.
From SBOMs to AI BOMs: SPDX 3.0 Explained
SPDX 3.0 adds a formal AI profile for documenting ML models and datasets. Here's what changed, how it compares to CycloneDX, and why it matters now.
Anthropic Claude Enterprise security features overview
Claude Enterprise ships strong SSO, SCIM, audit logging, and SOC 2/ISO compliance — but its controls stop at the API boundary, leaving code and dependencies exposed.
ISO 27001 and NIST Framework Alignment for Supply Chain V...
How ISO 27001:2022 and NIST's SSDF, SP 800-161, and CSF 2.0 converge on software supply chain vendors—and where CVE-only scanning tools leave compliance gaps.
Sonatype SBOM Manager Overview
A concrete look at Sonatype SBOM Manager — its origins, pricing model, VEX support, and common adoption gaps — for teams evaluating an SBOM manager tool.
AI & LLM Governance for Software Development
Sonatype flags bad packages after the fact. Here's what AI governance for software development requires, and how Safeguard tracks models and output together.
SOC 2 Type II vs ISO 27001: what each certification actua...
SOC 2 Type II and ISO 27001 certify different things to different audiences. Here's what each actually covers, and how to evaluate supply chain vendors like JFrog and Safeguard on it.
AI governance frameworks: managing risk in AI-built software
AI governance frameworks like NIST AI RMF and the EU AI Act now govern AI-built software. Here's what they require, and where JFrog's artifact-first approach falls short.