Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Supply Chain

Software Supply Chain Security Solutions: A Comparison Framework

A framework for comparing software supply chain security solutions across the four capabilities that matter, SBOM generation, dependency scanning, provenance verification, and CI/CD gating.

May 19, 20265 min read
DevSecOps

Top 8 DevSecOps best practices

Log4Shell and the xz backdoor show why DevSecOps matters. Eight concrete practices — from reachability triage to auto-fix PRs — teams can implement now.

May 19, 20267 min read
DevSecOps

How to implement DevSecOps in 4 steps

A concrete, 4-step playbook for implementing DevSecOps — pipeline gating, SBOM generation, reachability-based triage, and auto-fix PRs.

May 19, 20267 min read
DevSecOps

DevSecOps automation: principles, frameworks, and tools

A practical breakdown of DevSecOps automation frameworks — principles, standards like NIST SSDF, and the tools that turn shift-left security into a repeatable pipeline.

May 19, 20268 min read
DevSecOps

The 4 best DevSecOps tools for a secure DevOps workflow

The 4 DevSecOps tool categories a secure pipeline needs — SCA, SAST, container/IaC scanning, secrets scanning — with real incidents and fixes.

May 18, 20267 min read
DevSecOps

Building a security-conscious CI/CD pipeline

CI/CD pipelines are now the top supply chain target. Here's how to build one with real controls—secrets, scoping, SBOMs, and provenance.

May 18, 20266 min read
DevSecOps

8 tips for securing your CI/CD pipeline

Real incidents like tj-actions and xz-utils show how CI/CD pipelines get compromised. Eight concrete, actionable tips to lock yours down.

May 18, 20266 min read
DevSecOps

Securing self-hosted GitHub Actions runners

Self-hosted GitHub Actions runners trade GitHub's ephemeral isolation for persistent infrastructure access — here's how real incidents like CVE-2025-30066 exploited that gap.

May 17, 20267 min read
Application Security

Secrets management: tools and best practices

Secrets leak because of workflow gaps, not carelessness. Here's how vaults, scanners, and rotation policies actually stop credential exposure.

May 16, 20267 min read
Vulnerability Management

Patch Transparency: Auditing Automated Fix Pull Requests

Automated fix PRs from Dependabot, Renovate, and Endor Labs move fast but are rarely auditable. Here's what a real patch transparency record needs.

May 16, 20267 min read
Vulnerability Management

Zero-Day Patch Response at Scale: Can Open Source Maintai...

Zero-day patch timelines swing from 3 hours to 10 weeks across open source projects. Here's why maintainer capacity, not tooling, is the real bottleneck.

May 16, 20268 min read
Regulatory Compliance

Medical Device Cybersecurity Under FDA 524B in 2026

Three years into Section 524B, medical device manufacturers are operating under genuine premarket cybersecurity expectations. Here is what the 2026 submission and postmarket landscape actually requires.

May 15, 20266 min read
sbom (Page 21) — Safeguard Blog