Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

SBOM

SBOM security: key components and top use cases

A practical breakdown of SBOM security components and top use cases—incident response, compliance, M&A—plus how Safeguard's approach differs from SCA-first tools like Mend.io.

May 23, 20268 min read
SBOM

Communicating security posture to customers/investors via...

How to turn SBOMs into a real vendor-risk communication tool for customers and investors, and where Mend.io's scan-first approach falls short.

May 23, 20267 min read
Application Security

Fixing vulnerabilities in Maven projects

Maven vulnerability remediation isn't just running mvn versions:use-latest — here's how to triage, patch, and verify fixes without breaking builds.

May 22, 20266 min read
SBOM

Log4j-style incident response using SBOM inventories

How SBOM inventories turned days of Log4Shell triage into minutes-long queries — and why scanner-first tools like Mend.io struggled when every team needed answers at once.

May 22, 20268 min read
Application Security

Fixing vulnerabilities in Gradle projects

Gradle's resolved dependency graph rarely matches build.gradle. Here's how to find, force-fix, and lock vulnerable transitive dependencies for good.

May 22, 20266 min read
Regulatory Compliance

EU Cyber Resilience Act SBOM requirements

The EU Cyber Resilience Act makes SBOMs a legal requirement, not a best practice. Here's what's mandated, key 2026/2027 deadlines, and how Safeguard compares to Mend.io.

May 22, 20267 min read
Application Security

The ultimate guide to creating a secure Python package

A concrete, numbers-first guide to locking dependencies, signing releases, and scanning for CVEs when building a secure Python package.

May 22, 20266 min read
Application Security

Application security testing types, trends, and top tools

A breakdown of the six core types of application security testing, how Mend.io's SCA-first approach compares to the broader market, and the tools and trends shaping AppSec in 2026.

May 21, 20268 min read
Application Security

10 dimensions of Python static analysis

Python static analysis spans ten distinct techniques, from AST linting to reachability analysis — most teams run only two or three, missing real exploitable risk.

May 21, 20268 min read
SBOM & Compliance

SOC 2 and AppSec Vendors: What to Verify Before You Buy

SOC 2 badges look identical from the outside. Here is what to actually check on audit scope, report type, and transparency before choosing an AppSec vendor.

May 20, 20268 min read
Application Security

.NET and NuGet dependency vulnerability management

NuGet packages have delivered RATs, crypto stealers, and undisclosed data collection to .NET teams. Here's how to detect and defend against .NET/NuGet supply chain risk.

May 20, 20267 min read
Application Security

Securing WordPress plugin dependencies

Real CVEs, a supply-chain hack that hit 360,000 sites, and bundled-library blind spots: what WordPress plugin security actually requires in 2026.

May 19, 20266 min read
sbom (Page 20) — Safeguard Blog