Safeguard
Tag

cyclonedx

Safeguard articles tagged "cyclonedx" — guides, analysis, and best practices for software supply chain and application security.

71 articles

Guides

How to Generate an SBOM in a GitLab CI Pipeline

A working .gitlab-ci.yml for SBOM generation with Syft: CycloneDX report artifacts, a Grype scan stage, and Cosign attestations pushed next to the image.

Mar 3, 20245 min read
DevSecOps

SBOM Tooling Landscape in 2023: What Actually Works

The SBOM tooling ecosystem has matured significantly, but choosing the right tools still requires understanding the tradeoffs between formats, generators, and analysis platforms.

Sep 15, 20235 min read
SBOM & Compliance

How to Generate SBOMs From Maven Projects

Produce accurate CycloneDX SBOMs from Maven builds using the official plugin, handle multi-module reactors, and ship attested SBOMs alongside your JARs.

Aug 5, 20234 min read
SBOM & Compliance

How to Structure an SBOM Review Process

Build a repeatable SBOM review workflow that catches license risks, stale dependencies, and unexpected components before they ship to customers.

Jul 18, 20235 min read
SBOM Standards

CycloneDX v1.5: New Features and What They Mean for Your SBOM Program

CycloneDX v1.5 introduced formulation, machine learning BOMs, and expanded evidence. Here is what changed and how to take advantage of it.

Jun 20, 20236 min read
Tool Reviews

Anchore Syft: The Go-To Open Source SBOM Generator

A thorough review of Anchore's Syft SBOM generation tool, covering supported formats, language ecosystems, container scanning, and integration patterns.

Jun 8, 20236 min read
SBOM

SBOM Format Conversion: Tools and Techniques

Your supplier sends SPDX, your platform expects CycloneDX. Here's how to convert between SBOM formats without losing critical data.

Jan 18, 20236 min read
How-To Guide

How to Create Your First SBOM

A practical, step-by-step guide to generating your first Software Bill of Materials using open-source tools and integrating it into your development workflow.

Jul 5, 20225 min read
SBOM

CycloneDX Specification Deep Dive: Beyond the Basics

CycloneDX is more than a component list. This deep dive covers services, vulnerabilities, compositions, and the parts of the spec most teams overlook.

May 12, 20226 min read
Compliance & Regulations

SBOM Formats Compared: CycloneDX vs SPDX in 2022

Two SBOM standards are competing for adoption. CycloneDX and SPDX take fundamentally different approaches to describing software components. Here's what matters when choosing between them.

Feb 5, 20225 min read
Compliance & Regulations

Understanding SBOM Requirements Under EO 14028

Executive Order 14028 mandates SBOMs for federal software procurement. Here's a practical breakdown of what's required, what formats to use, and how to get compliant.

Jun 1, 20216 min read
cyclonedx (Page 6) — Safeguard Blog