Safeguard
Tag

cyclonedx

Safeguard articles tagged "cyclonedx" — guides, analysis, and best practices for software supply chain and application security.

71 articles

AI Security

AI Bill of Materials (ML-BOM) Standards in 2026

A senior engineer's survey of AI-BOM and ML-BOM standards in 2026, from CycloneDX ML components to SPDX 3.0 AI profile, and what to actually ship.

Mar 18, 20267 min read
Best Practices

Best SBOM Management Platforms 2026 Review

A 2026 review of the best SBOM management platforms, comparing Dependency-Track, Anchore, Kusari, and Safeguard on depth and compliance.

Mar 15, 20267 min read
Best Practices

How to Generate an SBOM with GitHub Actions (2026)

SBOMs are a compliance table-stakes artifact in 2026. Here is a production GitHub Actions workflow that generates, signs, and attests a CycloneDX SBOM on every release.

Mar 6, 20266 min read
Software Supply Chain Security

CycloneDX

CycloneDX is the OWASP-backed SBOM standard for tracking software components, vulnerabilities, and VEX statements. Here's what is CycloneDX and how it compares to SPDX.

Mar 3, 20267 min read
Software Supply Chain Security

SPDX

What is SPDX? A plain-English guide to the ISO-standard SBOM and license format that documents what's really inside your software.

Mar 3, 20267 min read
Research

SBOM Quality Across Ecosystems: 2026 Report

The Safeguard Research team measured SBOM quality across ecosystems and generators. The gaps between formats, tools, and languages are larger than most teams assume.

Feb 26, 20268 min read
SBOM

OpenVEX vs. CycloneDX VEX: Which to Pick

A direct comparison of OpenVEX and CycloneDX VEX in 2026, covering spec differences, tooling support, and the operational tradeoffs that actually affect your choice.

Feb 11, 20266 min read
Tools

Best SBOM Generators Ranked by Accuracy 2026

Syft, Trivy, cdxgen, and Microsoft sbom-tool measured against known dependency ground truth across four ecosystems. The accuracy spread is wider than you think.

Feb 9, 20266 min read
Best Practices

FAQ: CycloneDX vs SPDX — Which to Use?

Practical answers to the most common CycloneDX vs SPDX questions: differences, tooling, regulatory preference, VEX support, and when to emit both.

Feb 4, 20266 min read
Industry Analysis

State of SBOM Adoption Across Industries 2026

How SBOM adoption differs across finance, healthcare, public sector, manufacturing, and tech in 2026, where the real operational usage is, and where it stalls.

Jan 30, 20268 min read
Software Supply Chain Security

AI BOM Spec Comparison: CycloneDX ML-BOM in 2026

AI bills of materials moved from proposal to procurement requirement. A practical comparison of CycloneDX ML-BOM, SPDX 3.0 AI profile, and what to ship in 2026.

Jan 29, 20266 min read
SBOM

SBOM Distribution Patterns: TEA, VEX, and the Last Mile in 2026

How SBOMs actually move between producers and consumers in 2026, what TEA and VEX are solving, and the distribution patterns that hold up in production.

Jan 22, 20265 min read
cyclonedx (Page 3) — Safeguard Blog