sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
OCI image vulnerability scanning explained
A concrete breakdown of how OCI image vulnerability scanning works, where scanners miss real risk, and how to build a scan workflow that doesn't drown teams in noise.
Veracode Trust Center walkthrough / vendor security trans...
What Veracode's trust center actually proves about vendor security — and why SOC 2 reports don't answer software supply chain questions like SBOM and build provenance.
Docker Hub malicious image detection
Docker Hub's open upload model has enabled real cryptojacking and phishing campaigns — here's how attackers hide malware in images and how to detect them.
Application Security: The Complete Guide
What is application security? A concrete guide covering AppSec fundamentals, OWASP Top 10 risks, supply chain threats, and how Safeguard fills the gaps legacy tools like Veracode leave open.
Reducing CVEs in container base images
Base images inherit hundreds of OS-level CVEs your app never touches. Here's how reachability analysis and minimal bases cut real risk, not just counts.
The AWS shared responsibility model explained
AWS secures the cloud; you secure what's in it. Here's exactly where that line falls across EC2, RDS, Lambda, and EKS -- with real breach examples.
Vulnerability Scanner Tools: how they work
A breakdown of how SAST, DAST, SCA, and container vulnerability scanner tools actually work, where Veracode fits, and why false positives remain the industry's biggest problem.
AI Code Security Tools: risks of restricting them
Banning AI coding assistants doesn't remove the risk, it just removes visibility. Here's why restriction backfires and what actually secures AI-generated code.
Audit Preparation for AppSec programs
Veracode scans your code, but auditors want proof: which artifact shipped, which SBOM covers it, who approved every exception. Here's what closes that gap.
DORA (Digital Operational Resilience Act) and code-level ...
DORA turns code-level and open-source risk into a regulatory obligation. Here's what dora compliance software security actually requires, and where tools like Veracode fall short.
Application Security for the Public Sector: What's Different
Application security for public sector agencies runs under FedRAMP, StateRAMP, and Executive Order 14028 SBOM mandates that private-sector programs rarely have to satisfy on the same timeline.
Why a Customer Trust Center matters for vendor risk reviews
Vendor security reviews stall without a live trust center. See what appsec teams check, how Veracode approaches transparency, and how Safeguard's trust center speeds reviews.