Safeguard
Tag

cyclonedx

Safeguard articles tagged "cyclonedx" — guides, analysis, and best practices for software supply chain and application security.

71 articles

Industry Analysis

How Snyk's AI-BOM API lets teams query AI component inven...

How Snyk's AI-BOM API exposes AI model and dataset inventories as queryable, CycloneDX-aligned data teams can pull into CI, GRC, and asset tooling programmatically.

Aug 20, 20258 min read
Buyer's Guides

SBOM Format Wars: CycloneDX vs SPDX in Practice

CycloneDX and SPDX both claim to be "the" SBOM standard. Here's where they actually diverge on VEX support, license compliance, and government mandates — and which to pick.

Jul 30, 20257 min read
SBOM

VEX Documents: The Missing Context That Makes SBOMs Actio...

SBOMs list every component but stay silent on whether a CVE is actually exploitable. VEX documents supply that missing context — here's how the standard works.

Jul 29, 20257 min read
Supply Chain

SBOM File Formats, Explained

An SBOM file is only useful if the tools reading it agree on its structure — here's what CycloneDX, SPDX, and SWID actually look like and when each one fits.

Mar 18, 20255 min read
Supply Chain

SBOM Example: Reading a Real CycloneDX and SPDX Document

One component, two formats: a field-by-field walkthrough of a real CycloneDX and SPDX SBOM — purls, licenses, hashes, dependency graphs, and how to validate your own.

Mar 18, 20256 min read
SBOM & Compliance

Java SBOM Generation Tools Compared

Six tools generate SBOMs from Java projects. They disagree on transitive depth, license fields, and licensing of their own output. A head-to-head.

Dec 5, 20245 min read
SBOM & Compliance

SBOM Quality Benchmarking: What We Found in 2024

We scored 1,200 production SBOMs in 2024 across CycloneDX and SPDX. The quality distribution is worse than advertised and we have the numbers.

Nov 8, 20245 min read
Comparisons

CycloneDX vs SPDX in Practice: Choosing an SBOM Format

Both formats are standards, both are mandated somewhere, and your tooling probably emits both. What actually differs when you run CycloneDX and SPDX in production.

Oct 23, 20246 min read
Engineering

CycloneDX and SPDX: Why Safeguard Supports Both and How We Normalize Between Them

The SBOM format debate misses the point. Safeguard ingests both CycloneDX and SPDX, normalizes to a common model, and lets you query and export in either format.

Oct 15, 20247 min read
Concepts

What is an SBOM Drift

SBOM drift is the gap between what your software bill of materials claims and what the artifact actually contains. Here's how it happens and how to detect it with a diff.

Oct 8, 20247 min read
SBOM & Compliance

Migrating SBOM Tooling Providers

A practical field guide to switching SBOM tooling vendors without losing historical data, breaking compliance reports, or annoying the auditors.

May 18, 20248 min read
SBOM & Compliance

Medical Device SBOM Requirements in Practice

SBOMs for medical devices look straightforward on paper and get complicated fast in the real world. A field report on what regulators actually accept and what engineering teams actually produce.

Apr 25, 20247 min read
cyclonedx (Page 5) — Safeguard Blog