Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

AI Security

Claude Code and Claude Desktop security integrations

Claude Code's shell access and MCP's connector boom are reshaping software supply chain risk. Here's what security teams need to know and do.

Jun 6, 20267 min read
SBOM

From SBOMs to AI BOMs: SPDX 3.0 Explained

SPDX 3.0 adds a formal AI profile for documenting ML models and datasets. Here's what changed, how it compares to CycloneDX, and why it matters now.

Jun 6, 20268 min read
Compliance

ISO 27001 and NIST Framework Alignment for Supply Chain V...

How ISO 27001:2022 and NIST's SSDF, SP 800-161, and CSF 2.0 converge on software supply chain vendors—and where CVE-only scanning tools leave compliance gaps.

Jun 6, 20267 min read
AI Security

Securing AI coding IDE extensions and plugins

VS Code themes with 9M installs shipped backdoors; Cursor's rules files were hijacked in 2025. Here's what AI IDE extension security actually requires.

Jun 5, 20266 min read
SBOM

Sonatype SBOM Manager Overview

A concrete look at Sonatype SBOM Manager — its origins, pricing model, VEX support, and common adoption gaps — for teams evaluating an SBOM manager tool.

Jun 5, 20266 min read
AI Security

Zero-day risk in third-party AI model dependencies

Malicious Hugging Face models, a trojanized Ultralytics PyPI release, and a torch.load bypass show AI model dependencies now carry real zero-day risk.

Jun 5, 20266 min read
AI Security

Sonatype Guide: Securing Agentic AI Development

Sonatype's new guide reframes AI dependency risk, but its scanner-based model can't govern agents that install packages and call MCP tools on their own. Here's the gap and how to close it.

Jun 5, 20269 min read
Regulatory Compliance

Open Source License Compliance Management

Open source license compliance is now a continuous, automated discipline. Here's what Sonatype gets right, where it falls short, and how Safeguard unifies license risk with vulnerability management.

Jun 5, 20268 min read
Buyer's Guides

Best Container Scanning Tools in 2026: An Honest Buyer's Guide

An honest guide to the best container scanning tools in 2026 — from open-source scanners like Trivy and Grype to cloud-context platforms like Wiz and Aqua — with clear guidance on which fits your CI/CD pipeline, registry, and runtime.

Jun 4, 20268 min read
Application Security

OWASP Top 10 vulnerabilities explained

A breakdown of all 10 OWASP Top 10 categories with real CVEs (Log4Shell, Equifax, Heartbleed) mapped to each, and stats on which risks hit production most.

Jun 4, 20266 min read
Application Security

Container Security for the Software Supply Chain

Container scanning means more than SCA: OS layers, secrets, and provenance matter too. See the gaps in SCA-first tools and how Safeguard closes them.

Jun 4, 20267 min read
Application Security

Implementing the OWASP Top 10 Proactive Controls

A field guide to the OWASP Top 10 Proactive Controls: what each control requires, real breach examples like Equifax, and how to implement them in CI/CD.

Jun 4, 20267 min read
sbom (Page 16) — Safeguard Blog