Safeguard
Tag

due-diligence

Safeguard articles tagged "due-diligence" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Compliance

What open source scans miss in M&A due diligence

Open source composition scans like Black Duck catch known packages and licenses — but M&A due diligence needs to catch what those scans miss too.

Jun 15, 20268 min read
SBOM

Communicating security posture to customers/investors via...

How to turn SBOMs into a real vendor-risk communication tool for customers and investors, and where Mend.io's scan-first approach falls short.

May 23, 20267 min read
Compliance

Open source license risk in M&A due diligence

Open source license conflicts hide in most acquisition targets' codebases. Here's why manifest-based SCA tools like Mend.io miss them in M&A diligence — and what a real audit needs.

May 22, 20268 min read
Regulatory Compliance

Reachability Analysis For EU CRA Due Diligence

EU CRA enforcement asks vendors and operators to demonstrate due diligence on software components. Reachability is the evidence that makes the demonstration honest.

Mar 10, 20263 min read
SBOM

SBOM-Driven Due Diligence for M&A

How SBOMs have become a standard input to technical due diligence for software acquisitions, what acquirers actually look for, and how sellers should prepare.

Mar 4, 20267 min read
AI Security

Enterprise AI Procurement Due Diligence Checklist

AI-for-security procurement covers more than feature comparison. The due diligence checklist that surfaces structural differences between vendors.

Feb 19, 20262 min read
Buyer's Guides

Best open source audit tools for M&A due diligence

A practical buyer's guide to open source audit tools for M&A due diligence, comparing ScanCode, FOSSology, ORT, Syft/Grype, FOSSA, and Black Duck.

Nov 5, 20258 min read
Software Supply Chain Security

How to Security Audit an Open Source Project Before Adoption

Adopting an open source dependency is a trust decision. This guide provides a structured methodology for evaluating the security posture of open source projects before adding them to your supply chain.

Jan 15, 20246 min read
due-diligence — Safeguard Blog