Safeguard
Tag

cyclonedx

Safeguard articles tagged "cyclonedx" — guides, analysis, and best practices for software supply chain and application security.

71 articles

Buyer's Guides

Best AIBOM Tools in 2026: AI Bill of Materials Platforms Compared

An honest, technical guide to the best AIBOM tools in 2026 — from the open-source OWASP AIBOM Generator to AI-BOM features in Snyk, Wiz, Mend, JFrog, and Manifest Cyber — with clear guidance on what an AI bill of materials should actually capture.

Jun 13, 20268 min read
SBOM

SBOM standard formats compared (CycloneDX, SPDX, SWID)

CycloneDX, SPDX, and SWID solve different problems. Here's how the SBOM formats differ, and how Safeguard's multi-format generation compares to Mend.io's approach.

May 27, 20268 min read
SBOM

Best SBOM tools for automating bill-of-materials generation

A practical look at the best SBOM tools for 2026, comparing how Safeguard and Mend.io generate, format, and continuously update software bills of materials.

May 26, 20267 min read
AI Security

An Engineering Guide to AI Bill of Materials (AIBOM)

An AIBOM extends the SBOM to models, datasets, and prompts. What goes in one, how CycloneDX 1.6 encodes it, and how to generate it in CI without a documentation project.

May 25, 20266 min read
SBOM

CycloneDX vs SPDX: SBOM Format Comparison 2026

A practical CycloneDX vs SPDX comparison for 2026 buyers: schema depth, tool support, regulatory alignment, and which format to pick for which use case.

Apr 14, 20265 min read
SBOM

How to Read a CycloneDX SBOM: A Line-by-Line Walkthrough

A walkthrough of a CycloneDX 1.6 JSON document — metadata, components, services, dependencies, and vulnerabilities — with a real snippet and what to check first.

Apr 13, 20267 min read
Tools

cdxgen v12: Reachability Evidence Lands in SBOMs

OWASP's cdxgen v12 ships reachability evidence powered by atom, multi-BOM generation (SBOM, CBOM, SaaSBOM, OBOM, CDXA), and CycloneDX 1.7 as the default. We tested it on a Java monorepo.

Apr 9, 20266 min read
SBOM & Compliance

CycloneDX 1.7 New Features Reviewed

CycloneDX 1.7 brings richer ML-BOM, better attestations, and VEX tightening. A practical review of what changed and what it means for your SBOM pipeline.

Apr 5, 20266 min read
Software Supply Chain Security

CycloneDX vs SPDX: SBOM Formats Compared

CycloneDX vs SPDX: how the two SBOM formats differ in vulnerability data, licensing, regulatory recognition, and conversion — and which to pick.

Apr 5, 20266 min read
SBOM

SBOM standards and formats compared (SPDX vs CycloneDX vs...

SPDX, CycloneDX, and Syft JSON aren't interchangeable. A concrete breakdown of what each format is for, where Anchore's Syft defaults, and how Safeguard handles both.

Mar 30, 20268 min read
SBOM

Tern SBOM Generation Walkthrough for 2026

A walkthrough of generating SBOMs with Tern in 2026, covering layer-by-layer inspection, CycloneDX output, and practical comparison with Syft.

Mar 28, 20266 min read
SBOM

CycloneDX 1.7 Migration Guide From 1.5

A practical migration path from CycloneDX 1.5 to 1.7 covering schema changes, machine learning BOM additions, formulation, and the tooling adjustments required.

Mar 22, 20265 min read
cyclonedx (Page 2) — Safeguard Blog