Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Container Security

Alpine vs distroless: which base image is more secure

Alpine and distroless both shrink attack surface differently. We compare real CVEs, musl risks, and patch tradeoffs to settle which base image actually wins.

Jun 27, 20267 min read
Container Security

Scanning container images in CI/CD pipelines

Where to put container image scanning in your CI/CD pipeline, what it actually catches, and how to stop CVE floods from blocking every build.

Jun 27, 20267 min read
Buyer's Guides

Checkmarx vs Snyk: which AppSec platform fits your stack

Checkmarx vs Snyk searches usually miss the real question: does your AppSec stack cover source code, or the full build-to-deploy supply chain? Here's how to check.

Jun 27, 20268 min read
Compliance

PCI DSS compliance for application security teams

PCI DSS 4.0's software inventory rules are enforced since March 2025. Here's why scanner-only tools like Checkmarx miss Requirements 6.3.2, 6.4.3, and 11.6.1.

Jun 25, 20267 min read
Compliance

Federal AST mandate M-22-09 explained

OMB's M-22-09 forces federal agencies to run continuous application security testing under zero trust. Here's what changed, and how Safeguard compares to Checkmarx.

Jun 25, 20267 min read
Buyer's Guides

Best SBOM Tools in 2026: Generation, Management, and Compliance Compared

An honest guide to the best SBOM tools in 2026 — from open-source generators like Syft and Trivy to full SBOM management and AIBOM platforms — with clear guidance on which to use for generation, analysis, and compliance.

Jun 24, 20265 min read
Buyer's Guides

Best Software Supply Chain Security Platforms in 2026: A Buyer's Guide

An honest, side-by-side guide to the best software supply chain security platforms in 2026 — what each tool is genuinely good at, who it fits, and how to choose between zero-CVE, SCA, reachability, and CNAPP approaches.

Jun 24, 20266 min read
Container Security

Helm chart security scanning

Helm charts can render insecure RBAC, network policies, and default passwords even when the container image itself passes every vulnerability scan cleanly.

Jun 24, 20267 min read
Container Security

Detecting vulnerabilities in multi-stage Docker builds

Multi-stage Docker builds hide vulnerabilities, leaked secrets, and untracked dependencies in discarded layers. Here's what final-image scans miss and how to catch it.

Jun 24, 20266 min read
Container Security

Container security throughout the SDLC

A clean build-time scan doesn't mean a secure container. Here's why container security has to span code, build, deploy, and runtime — with real CVE examples.

Jun 23, 20267 min read
Container Security

Minimizing container attack surface

Container images ship 400+ CVEs on average but under 15% are reachable. Learn concrete, numbers-backed steps to cut container attack surface.

Jun 23, 20266 min read
Container Security

Detecting cryptomining malware in container images

Cryptomining malware like Kinsing and TeamTNT quietly hijacks container CPU cycles to mine Monero. Here's how it gets in, how to spot it, and how to stop it.

Jun 23, 20267 min read
sbom (Page 12) — Safeguard Blog