cyclonedx
Safeguard articles tagged "cyclonedx" — guides, analysis, and best practices for software supply chain and application security.
71 articles
Generating CycloneDX and SPDX SBOMs from Java Projects with Maven and Gradle
CISA's 2025 draft update proposes four new fields on top of NTIA's minimum elements, from 7 to 11 — most Maven and Gradle-generated SBOMs still fail that bar.
The 2026 SBOM compliance guide: where a software bill of materials is now required
SBOM requirements have spread from a single US executive order to regulations across sectors and continents. Here's a framework-by-framework map of where you need one in 2026.
How to Create an AIBOM for Your AI Models
Build an AI Bill of Materials that inventories the models, datasets, adapters, and MCP tools your application depends on — using CycloneDX ML-BOM and commands you can run today.
Generating a CycloneDX/SPDX SBOM for a Node.js Application
npm has shipped a native `npm sbom` command since v9 — but a real supply chain program needs more than the CLI default. Here's how to do it right.
SBOM adoption: generating, distributing, and consuming SBOMs to cut supply chain risk
Four years after EO 14028, most SBOMs still sit unread in a folder. Here's how to generate, ship, and actually query one before the next Log4Shell.
Best SBOM Tools (2026): An Honest FAQ
A balanced 2026 FAQ on the best SBOM tools — how Syft, Trivy, Dependency-Track, Sonatype, Black Duck, and Safeguard compare, and when a generator is enough versus a platform.
How to Read an SBOM
An SBOM is a list of everything inside your software. This beginner guide shows you how to open one, understand each field, and turn it into something useful.
SBOMs in the CI/CD Pipeline: From Generation to Actually Useful
Generating an SBOM is easy. Making it answer 'are we affected by this CVE, and where?' in seconds is the part most teams skip. Here is how to build SBOMs into your pipeline so they earn their keep.
Understanding SBOM Formats
A software bill of materials is only useful if tools can read it. Two standards dominate — SPDX and CycloneDX — and knowing what each captures, how they differ, and when to use which is the difference between an inventory that works and one that gathers dust.
SBOM (Software Bill of Materials): Frequently Asked Questions
A clear FAQ on software bills of materials in 2026 — what an SBOM is, SPDX vs CycloneDX, NTIA minimum elements, VEX, signing, and how to keep an SBOM continuously accurate.
How to Generate an SBOM: A Step-by-Step Guide
Produce a spec-compliant CycloneDX or SPDX software bill of materials from any repository in minutes, validate it, and attach it to a release — with real commands you can run today.
Best SBOM Tools in 2026: Generation, Management, and Compliance Compared
An honest guide to the best SBOM tools in 2026 — from open-source generators like Syft and Trivy to full SBOM management and AIBOM platforms — with clear guidance on which to use for generation, analysis, and compliance.