Safeguard
Tag

cyclonedx

Safeguard articles tagged "cyclonedx" — guides, analysis, and best practices for software supply chain and application security.

71 articles

Supply Chain Security

Generating CycloneDX and SPDX SBOMs from Java Projects with Maven and Gradle

CISA's 2025 draft update proposes four new fields on top of NTIA's minimum elements, from 7 to 11 — most Maven and Gradle-generated SBOMs still fail that bar.

Jul 12, 20266 min read
Compliance

The 2026 SBOM compliance guide: where a software bill of materials is now required

SBOM requirements have spread from a single US executive order to regulations across sectors and continents. Here's a framework-by-framework map of where you need one in 2026.

Jul 8, 20265 min read
Tutorials

How to Create an AIBOM for Your AI Models

Build an AI Bill of Materials that inventories the models, datasets, adapters, and MCP tools your application depends on — using CycloneDX ML-BOM and commands you can run today.

Jul 8, 20265 min read
Supply Chain Security

Generating a CycloneDX/SPDX SBOM for a Node.js Application

npm has shipped a native `npm sbom` command since v9 — but a real supply chain program needs more than the CLI default. Here's how to do it right.

Jul 8, 20266 min read
Supply Chain Security

SBOM adoption: generating, distributing, and consuming SBOMs to cut supply chain risk

Four years after EO 14028, most SBOMs still sit unread in a folder. Here's how to generate, ship, and actually query one before the next Log4Shell.

Jul 8, 20266 min read
FAQ

Best SBOM Tools (2026): An Honest FAQ

A balanced 2026 FAQ on the best SBOM tools — how Syft, Trivy, Dependency-Track, Sonatype, Black Duck, and Safeguard compare, and when a generator is enough versus a platform.

Jul 5, 20266 min read
Tutorials

How to Read an SBOM

An SBOM is a list of everything inside your software. This beginner guide shows you how to open one, understand each field, and turn it into something useful.

Jul 3, 20266 min read
DevSecOps

SBOMs in the CI/CD Pipeline: From Generation to Actually Useful

Generating an SBOM is easy. Making it answer 'are we affected by this CVE, and where?' in seconds is the part most teams skip. Here is how to build SBOMs into your pipeline so they earn their keep.

Jul 3, 20266 min read
Concepts

Understanding SBOM Formats

A software bill of materials is only useful if tools can read it. Two standards dominate — SPDX and CycloneDX — and knowing what each captures, how they differ, and when to use which is the difference between an inventory that works and one that gathers dust.

Jul 3, 20266 min read
FAQ

SBOM (Software Bill of Materials): Frequently Asked Questions

A clear FAQ on software bills of materials in 2026 — what an SBOM is, SPDX vs CycloneDX, NTIA minimum elements, VEX, signing, and how to keep an SBOM continuously accurate.

Jul 2, 20266 min read
Tutorials

How to Generate an SBOM: A Step-by-Step Guide

Produce a spec-compliant CycloneDX or SPDX software bill of materials from any repository in minutes, validate it, and attach it to a release — with real commands you can run today.

Jul 1, 20266 min read
Buyer's Guides

Best SBOM Tools in 2026: Generation, Management, and Compliance Compared

An honest guide to the best SBOM tools in 2026 — from open-source generators like Syft and Trivy to full SBOM management and AIBOM platforms — with clear guidance on which to use for generation, analysis, and compliance.

Jun 24, 20265 min read
cyclonedx — Safeguard Blog