Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

DevSecOps

Shifting security left: what it really means for teams

Shift left security means catching vulnerabilities at commit time, not audit time. Here's what that requires in practice, with real CVEs and numbers.

May 15, 20266 min read
SBOM & Compliance

Open Source License Compliance: Automating License Risk R...

Manual license audits miss GPL contamination and copyleft traps. Here's how automated license risk reports work, and how Safeguard stacks up against Endor Labs.

May 15, 20267 min read
Supply Chain Attacks

RabbitMQ management plugin CVEs: brokers deserve database-grade SBOM scrutiny

Authentication and plugin-loading risks in RabbitMQ's management plugin show why message brokers, which hold credentials and pass payloads, should be inventoried with the same rigor as databases.

May 14, 20266 min read
SBOM & Compliance

PCI DSS Requirements for Application Security Testing

PCI DSS 4.0's March 2025 deadline made SBOMs and 30-day patch SLAs mandatory. Here's what Requirements 6.3.2, 6.4.2, and 11.3 actually demand, and where Endor Labs leaves compliance gaps.

May 14, 20267 min read
Buyer's Guides

npm audit isn't enough: what it misses

npm audit catches known CVEs and stops there. It misses malicious packages, install scripts, and typosquats -- the threats actually landing in npm today.

May 13, 20268 min read
Compliance

SOC 2 compliance guide for engineering teams

SOC 2 audits fail on missing evidence, not bad intentions. Here's what engineering teams must actually build, track, and prove — with real timelines and costs.

May 13, 20267 min read
Compliance

ISO 27001 compliance for software development teams

ISO/IEC 27001:2022 audits now check 8 SDLC controls directly — SBOMs, vulnerability SLAs, and CI/CD evidence dev teams commonly get flagged on.

May 13, 20268 min read
Product

CI/CD pipeline dependency security integration coverage

How does Safeguard's pipeline-native dependency security compare to Socket.dev's PR-comment model? A concrete look at coverage, enforcement, and deployment options.

May 13, 20267 min read
Compliance

Cheat sheet: meeting security compliance standards

A concrete, numbers-first cheat sheet for SOC 2, ISO 27001, PCI DSS 4.0, and SBOM mandates — deadlines, timelines, and audit gaps that actually matter.

May 12, 20267 min read
Supply Chain Attacks

BMC firmware and the supply chain you forgot you had

Baseboard management controllers run their own operating system below your hypervisor, ship as binary blobs from vendors like AMI and Insyde, and almost never appear in an SBOM. The MegaRAC incidents made that gap impossible to ignore.

May 12, 20268 min read
Compliance

GDPR compliance considerations for application security teams

GDPR's Article 32 doesn't name SAST or SBOM, but fines like Meta's €1.2B and BA's £20m trace straight back to AppSec gaps.

May 12, 20266 min read
Compliance

HIPAA compliance in software development

HIPAA compliance in software development means encryption, access logging, and vulnerability management baked into the SDLC — not paperwork. Here's what engineers must build.

May 12, 20266 min read
sbom (Page 22) — Safeguard Blog