cyclonedx
Safeguard articles tagged "cyclonedx" — guides, analysis, and best practices for software supply chain and application security.
71 articles
Best AIBOM Tools in 2026: AI Bill of Materials Platforms Compared
An honest, technical guide to the best AIBOM tools in 2026 — from the open-source OWASP AIBOM Generator to AI-BOM features in Snyk, Wiz, Mend, JFrog, and Manifest Cyber — with clear guidance on what an AI bill of materials should actually capture.
SBOM standard formats compared (CycloneDX, SPDX, SWID)
CycloneDX, SPDX, and SWID solve different problems. Here's how the SBOM formats differ, and how Safeguard's multi-format generation compares to Mend.io's approach.
Best SBOM tools for automating bill-of-materials generation
A practical look at the best SBOM tools for 2026, comparing how Safeguard and Mend.io generate, format, and continuously update software bills of materials.
An Engineering Guide to AI Bill of Materials (AIBOM)
An AIBOM extends the SBOM to models, datasets, and prompts. What goes in one, how CycloneDX 1.6 encodes it, and how to generate it in CI without a documentation project.
CycloneDX vs SPDX: SBOM Format Comparison 2026
A practical CycloneDX vs SPDX comparison for 2026 buyers: schema depth, tool support, regulatory alignment, and which format to pick for which use case.
How to Read a CycloneDX SBOM: A Line-by-Line Walkthrough
A walkthrough of a CycloneDX 1.6 JSON document — metadata, components, services, dependencies, and vulnerabilities — with a real snippet and what to check first.
cdxgen v12: Reachability Evidence Lands in SBOMs
OWASP's cdxgen v12 ships reachability evidence powered by atom, multi-BOM generation (SBOM, CBOM, SaaSBOM, OBOM, CDXA), and CycloneDX 1.7 as the default. We tested it on a Java monorepo.
CycloneDX 1.7 New Features Reviewed
CycloneDX 1.7 brings richer ML-BOM, better attestations, and VEX tightening. A practical review of what changed and what it means for your SBOM pipeline.
CycloneDX vs SPDX: SBOM Formats Compared
CycloneDX vs SPDX: how the two SBOM formats differ in vulnerability data, licensing, regulatory recognition, and conversion — and which to pick.
SBOM standards and formats compared (SPDX vs CycloneDX vs...
SPDX, CycloneDX, and Syft JSON aren't interchangeable. A concrete breakdown of what each format is for, where Anchore's Syft defaults, and how Safeguard handles both.
Tern SBOM Generation Walkthrough for 2026
A walkthrough of generating SBOMs with Tern in 2026, covering layer-by-layer inspection, CycloneDX output, and practical comparison with Syft.
CycloneDX 1.7 Migration Guide From 1.5
A practical migration path from CycloneDX 1.5 to 1.7 covering schema changes, machine learning BOM additions, formulation, and the tooling adjustments required.