sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
Patch management strategies for open source dependencies
A practical guide to patch management for open source dependencies: prioritizing by reachability and EPSS, not CVSS alone, and building a repeatable remediation loop.
Open source dependency vulnerability scanning explained
How open source vulnerability scanning works, why false positives plague tools like Aikido, and how reachability and SBOMs cut real triage time.
Reachability analysis for prioritizing vulnerabilities
Reachability analysis cuts vulnerability noise by 70-90% by tracing which CVEs are actually callable from your code, not just present in your dependency tree.
Trivy alternatives for container and IaC scanning
Trivy alternatives usually aren't about scanner quality — they're about the backlog, SBOM lifecycle, and compliance work that comes after. Trivy vs Safeguard, feature by feature.
iOS application security best practices
Concrete iOS app security controls—Keychain data protection, ATS, dependency vetting, and privacy manifests—grounded in real CVEs like CocoaPods 2024 and BLASTPASS.
Safeguard vs Trivy: vulnerability scanning depth and reme...
Trivy scans fast and free, but leaves remediation to you. See how Safeguard's platform handles cross-repo correlation, prioritization, and audit-ready fix tracking.
Android application security best practices
A practical, evidence-based guide to Android app security: data storage, network hardening, SDK risk, and CI/CD signing, with concrete CVEs and stats.
OSS container image scanning tools compared
Trivy finds CVEs fast and free. Safeguard compares how each handles fleet-wide inventory, triage, policy enforcement, and audit evidence at scale.
Best SBOM tools compared (including Trivy)
Trivy generates SBOMs fast at scan time. Safeguard turns those SBOMs into a versioned, queryable inventory you can match against new CVEs org-wide.
Browser extension security risks for developers
Cyberhaven's Chrome extension breach hit 400,000 users in hours. Here's how attackers hijack trusted extensions, and how to detect the risk before it spreads.
Electron app security best practices
nodeIntegration, contextIsolation, Chromium patch lag, and npm supply chain risk: the Electron security best practices that actually stop RCE.
Securing IoT device firmware supply chains
How Ripple20, Mirai, and Realtek SDK flaws exposed IoT firmware supply chains, what EU CRA and FDA SBOM rules require, and what reachability adds.