Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Application Security

Securing AWS Lambda functions

A practical guide to AWS Lambda security best practices: IAM scoping, dependency risk, secrets handling, and runtime detection for serverless apps.

Jun 16, 20267 min read
AI Security

Building Securely with AI (secure AI-assisted development)

AI coding assistants ship code fast — Veracode found 45% of AI-generated code contains security flaws. Here's what secure AI-assisted development actually requires.

Jun 16, 20267 min read
Compliance

What open source scans miss in M&A due diligence

Open source composition scans like Black Duck catch known packages and licenses — but M&A due diligence needs to catch what those scans miss too.

Jun 15, 20268 min read
Container Security

Deep visibility into hardened/minimal container images (d...

Distroless images strip the package managers most scanners rely on. Here's how Safeguard achieves deep visibility into hardened images, compared to Black Duck's SCA heritage.

Jun 15, 20268 min read
AI Security

Prompt injection attacks: direct vs indirect

Direct prompt injection comes from the chat box; indirect injection hides in the data your AI agent trusts. Here's how the two attack types differ and what stops each.

Jun 14, 20266 min read
Buyer's Guides

ASPM platform buyer's guide (Software Risk Manager)

A fact-based comparison of Safeguard and Black Duck's Software Risk Manager for teams evaluating ASPM platforms: architecture, SCA heritage, deployment.

Jun 13, 20268 min read
AI Security

How to Audit the Dependencies of an AI Agent

An AI agent's dependency tree spans packages, MCP servers, models, and system prompts. A step-by-step audit method that actually enumerates all four layers.

Jun 12, 20266 min read
AI Security

AI hallucinations and their security implications for developers

LLMs hallucinate nonexistent packages in up to 1 in 5 code samples — and slopsquatting attacks are already exploiting that predictability in the wild.

Jun 12, 20266 min read
Application Security

BSIMM16 report: benchmarking software security program ma...

BSIMM16 shows AI now drives more security program change than any other force, with 111 firms assessed and SBOM use up nearly 30%. Here's what it means — and its blind spots.

Jun 12, 20267 min read
Compliance

Open source license compliance and risk management

How to manage open source license risk beyond point-in-time scans: copyleft traps, MongoDB/Elastic relicensing, and why continuous checks beat Black Duck-style audits.

Jun 12, 20267 min read
Industry Analysis

Financial services application security compliance

PCI DSS 4.0, DORA, and NYDFS 500 now demand provable SBOM and provenance evidence — see where legacy SCA tools like Black Duck fall short for financial services teams.

Jun 11, 20266 min read
Industry Analysis

Medical device software security and compliance

FDA's 2023 cybersecurity mandate turned SBOMs into a submission gate. Here's what medical device makers actually need, and where legacy SCA tools like Black Duck fall short.

Jun 11, 20267 min read
sbom (Page 14) — Safeguard Blog