Safeguard
Tag

cyclonedx

Safeguard articles tagged "cyclonedx" — guides, analysis, and best practices for software supply chain and application security.

71 articles

SBOM

Generating and exporting a software bill of materials in AWS

A practical walkthrough for generating and exporting an AWS SBOM using Inspector and ECR -- plus troubleshooting tips and how Safeguard helps.

Jan 19, 20267 min read
AI Security

CycloneDX ML-BOM in 1.7: Implementation Guide

CycloneDX 1.7 was published in October 2025 and adopted by the General Assembly in December. We unpack what the ML-BOM capability means in practice for AI inventory.

Jan 15, 20267 min read
Standards

CycloneDX 1.7 Ratified as ECMA-424 2nd Edition (December 2025)

CycloneDX v1.7 was adopted as ECMA-424, 2nd Edition by the Ecma General Assembly in December 2025. We unpack citations, cryptographic assets, and distribution constraints.

Dec 15, 20255 min read
Standards

CycloneDX 1.7 Deep Dive: Cryptography, Citations, and Patents

CycloneDX 1.7 released in October 2025 with first-class cryptography metadata, a new Citations element, and patent-aware IP fields. We walk through what changed and which producers should adopt now.

Dec 9, 20257 min read
Buyer's Guides

Best open source SBOM generation tools

A practical, no-hype comparison of open source SBOM generation tools — Syft, Trivy, cdxgen, Microsoft sbom-tool, SPDX Tools, and Tern — plus what to check before you pick one.

Nov 19, 20258 min read
Tools

Syft v1.20 Release: Faster Scans, Smarter License Detection

Anchore's Syft v1.20 ships a refactored license cataloger, Bitnami SBOM passthrough, and a 2x speedup on filesystem scans. We tested the upgrade on five real codebases.

Sep 18, 20255 min read
SBOM

SBOM Interoperability: Bridging CycloneDX and SPDX

Your suppliers send SPDX. Your tools expect CycloneDX. Interoperability between SBOM formats is a real operational challenge. Here is how to solve it.

Sep 10, 20256 min read
Supply Chain

What Is a Software Ingredient Label?

Food gets an ingredient panel; software gets an SBOM. What a software ingredient label contains, who is demanding one, and how to generate yours automatically.

Sep 9, 20256 min read
SBOM

How Snyk Container generates a Software Bill of Materials...

How Snyk Container statically scans image layers, parses OS package databases and lockfiles, and exports CycloneDX/SPDX SBOMs — mechanically explained.

Sep 5, 20257 min read
Concepts

What is a Vulnerability Exploitability eXchange (VEX) Statement

A VEX statement is a machine-readable assertion of whether a product is actually affected by a CVE — the document that stops your customers from triaging your SBOM for you.

Aug 22, 20256 min read
Industry Analysis

How Snyk AI-BOM generates a CycloneDX v1.6-compliant ML-BOM

How Snyk's aibom CLI uses static analysis to detect models, agents, and MCP servers, then maps them into a CycloneDX v1.6-compliant ML-BOM structure.

Aug 21, 20257 min read
SBOM

How Snyk AI-BOM's continuous refresh model differs from a...

How Snyk's AI-BOM keeps model and dataset inventories current through continuous refresh, and why that differs mechanically from a point-in-time static SBOM export.

Aug 20, 20258 min read
cyclonedx (Page 4) — Safeguard Blog