sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
Securing AWS Lambda functions
A practical guide to AWS Lambda security best practices: IAM scoping, dependency risk, secrets handling, and runtime detection for serverless apps.
Building Securely with AI (secure AI-assisted development)
AI coding assistants ship code fast — Veracode found 45% of AI-generated code contains security flaws. Here's what secure AI-assisted development actually requires.
What open source scans miss in M&A due diligence
Open source composition scans like Black Duck catch known packages and licenses — but M&A due diligence needs to catch what those scans miss too.
Deep visibility into hardened/minimal container images (d...
Distroless images strip the package managers most scanners rely on. Here's how Safeguard achieves deep visibility into hardened images, compared to Black Duck's SCA heritage.
Prompt injection attacks: direct vs indirect
Direct prompt injection comes from the chat box; indirect injection hides in the data your AI agent trusts. Here's how the two attack types differ and what stops each.
ASPM platform buyer's guide (Software Risk Manager)
A fact-based comparison of Safeguard and Black Duck's Software Risk Manager for teams evaluating ASPM platforms: architecture, SCA heritage, deployment.
How to Audit the Dependencies of an AI Agent
An AI agent's dependency tree spans packages, MCP servers, models, and system prompts. A step-by-step audit method that actually enumerates all four layers.
AI hallucinations and their security implications for developers
LLMs hallucinate nonexistent packages in up to 1 in 5 code samples — and slopsquatting attacks are already exploiting that predictability in the wild.
BSIMM16 report: benchmarking software security program ma...
BSIMM16 shows AI now drives more security program change than any other force, with 111 firms assessed and SBOM use up nearly 30%. Here's what it means — and its blind spots.
Open source license compliance and risk management
How to manage open source license risk beyond point-in-time scans: copyleft traps, MongoDB/Elastic relicensing, and why continuous checks beat Black Duck-style audits.
Financial services application security compliance
PCI DSS 4.0, DORA, and NYDFS 500 now demand provable SBOM and provenance evidence — see where legacy SCA tools like Black Duck fall short for financial services teams.
Medical device software security and compliance
FDA's 2023 cybersecurity mandate turned SBOMs into a submission gate. Here's what medical device makers actually need, and where legacy SCA tools like Black Duck fall short.