inventory
Safeguard articles tagged "inventory" — guides, analysis, and best practices for software supply chain and application security.
12 articles
Detecting shadow MCP servers in developer environments
Unauthorized MCP servers running on developer laptops are the agent-era equivalent of shadow IT. Here is how to inventory them, see them at runtime, and bring them under policy.
You Cannot Secure What You Cannot See: Asset Discovery
Most breaches start with an asset nobody remembered owning. Continuous asset discovery is the foundation that every other control depends on.
Discovering Shadow AI Models In Production
Engineers ship models faster than security can track them. Here is how to find shadow AI in production without slowing the teams that build it.
Inventory Of MCP Servers: Enterprise Program
MCP servers proliferate faster than governance can track them. Build an inventory program that captures every server, tool, and consumer agent.
Finding Forgotten Public npm Packages In Your Org
Public npm packages your org published years ago are now an attacker's best targets. Find them before someone else does.
Unifying Software And AI Assets In One Graph
Two parallel inventories for software and AI assets do not survive contact with reality. A unified graph is what makes governance feasible.
Asset Discovery For M&A Due Diligence
M&A due diligence runs on questionnaires that nobody can verify. Continuous asset discovery turns the diligence period into a data exercise.
Runtime Asset Attribution: Pods To Services
Mapping a running pod back to a service, repo, owner, and SBOM is the boring infrastructure that makes every other security control useful.
Asset Discovery As CMDB Replacement In 2026
The traditional CMDB cannot keep up with cloud, AI, and agent workloads. Continuous discovery is the only model that survives 2026.
Tracking Vendor-Supplied Binaries In Your Runtime
Vendor binaries run as root and ship without SBOMs. Continuous discovery brings them under the same governance as your own code.
MCP Server Inventory: Griffin AI vs Mythos
MCP servers are privileged dependencies. An inventory that tracks them like SBOM tracks packages is the minimum bar — and not every tool meets it.
Continuous Asset Discovery vs Quarterly Inventory
Quarterly inventories are wrong by the time they are signed. Continuous discovery is the only model that matches modern rates of change.