Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Container Security

OCI image vulnerability scanning explained

A concrete breakdown of how OCI image vulnerability scanning works, where scanners miss real risk, and how to build a scan workflow that doesn't drown teams in noise.

Jun 22, 20267 min read
Compliance

Veracode Trust Center walkthrough / vendor security trans...

What Veracode's trust center actually proves about vendor security — and why SOC 2 reports don't answer software supply chain questions like SBOM and build provenance.

Jun 22, 20268 min read
Container Security

Docker Hub malicious image detection

Docker Hub's open upload model has enabled real cryptojacking and phishing campaigns — here's how attackers hide malware in images and how to detect them.

Jun 21, 20267 min read
Application Security

Application Security: The Complete Guide

What is application security? A concrete guide covering AppSec fundamentals, OWASP Top 10 risks, supply chain threats, and how Safeguard fills the gaps legacy tools like Veracode leave open.

Jun 21, 202612 min read
Container Security

Reducing CVEs in container base images

Base images inherit hundreds of OS-level CVEs your app never touches. Here's how reachability analysis and minimal bases cut real risk, not just counts.

Jun 21, 20267 min read
Application Security

The AWS shared responsibility model explained

AWS secures the cloud; you secure what's in it. Here's exactly where that line falls across EC2, RDS, Lambda, and EKS -- with real breach examples.

Jun 20, 20266 min read
Application Security

Vulnerability Scanner Tools: how they work

A breakdown of how SAST, DAST, SCA, and container vulnerability scanner tools actually work, where Veracode fits, and why false positives remain the industry's biggest problem.

Jun 20, 20267 min read
AI Security

AI Code Security Tools: risks of restricting them

Banning AI coding assistants doesn't remove the risk, it just removes visibility. Here's why restriction backfires and what actually secures AI-generated code.

Jun 19, 20267 min read
Compliance

Audit Preparation for AppSec programs

Veracode scans your code, but auditors want proof: which artifact shipped, which SBOM covers it, who approved every exception. Here's what closes that gap.

Jun 19, 20267 min read
Compliance

DORA (Digital Operational Resilience Act) and code-level ...

DORA turns code-level and open-source risk into a regulatory obligation. Here's what dora compliance software security actually requires, and where tools like Veracode fall short.

Jun 18, 20267 min read
Compliance

Application Security for the Public Sector: What's Different

Application security for public sector agencies runs under FedRAMP, StateRAMP, and Executive Order 14028 SBOM mandates that private-sector programs rarely have to satisfy on the same timeline.

Jun 17, 20265 min read
Compliance

Why a Customer Trust Center matters for vendor risk reviews

Vendor security reviews stall without a live trust center. See what appsec teams check, how Veracode approaches transparency, and how Safeguard's trust center speeds reviews.

Jun 17, 20267 min read
sbom (Page 13) — Safeguard Blog