Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

974 articles

Open Source Security

Software Composition Analysis (SCA)

SCA finds every open source package in your code and flags known CVEs against it. Here's how it works, its blind spots, and how to fix them.

Apr 15, 20266 min read
SBOM

CycloneDX vs SPDX: SBOM Format Comparison 2026

A practical CycloneDX vs SPDX comparison for 2026 buyers: schema depth, tool support, regulatory alignment, and which format to pick for which use case.

Apr 14, 20265 min read
Software Supply Chain Security

SCA vs SBOM: What's the Difference

SCA and SBOM aren't the same thing: one is a scanning process, the other is a compliance artifact. Here's how they differ and why you need both.

Apr 14, 20267 min read
Cloud Security

SSDF (Secure Software Development Framework)

NIST SP 800-218 turned SSDF into a federal procurement gate. Here is what it requires, why attestation is mandatory, and where CNAPP tools like Aqua fall short.

Apr 14, 20267 min read
Cloud Security

Software Supply Chain Attacks

Software supply chain attacks like SolarWinds, XZ Utils, and polyfill.io exploit trust, not code. Here's how they work and how Safeguard closes the provenance gap.

Apr 14, 20267 min read
SBOM

How to Read a CycloneDX SBOM: A Line-by-Line Walkthrough

A walkthrough of a CycloneDX 1.6 JSON document — metadata, components, services, dependencies, and vulnerabilities — with a real snippet and what to check first.

Apr 13, 20267 min read
Cloud Security

Dependency Confusion Attack

How dependency confusion attacks exploit registry name collisions to run attacker code inside corporate networks, from Alex Birsan's 2021 research to the 2022 PyTorch breach.

Apr 13, 20266 min read
Application Security

What is Vulnerability Scanning

Vulnerability scanning automatically checks code, dependencies, and infra against known-flaw databases like the NVD. Here's how it works and why reachability matters.

Apr 13, 20267 min read
Application Security

What is Vulnerability Management

Vulnerability management turns thousands of CVEs into a ranked, fixable backlog. Here's how the lifecycle, prioritization, and standards actually work.

Apr 13, 20266 min read
Best Practices

You Cannot Secure What You Cannot See: Asset Discovery

Most breaches start with an asset nobody remembered owning. Continuous asset discovery is the foundation that every other control depends on.

Apr 12, 20267 min read
Application Security

What is Application Security Posture Management (ASPM)

ASPM correlates SCA, SAST, DAST, and cloud findings with reachability context to cut alert noise 60-90% and speed remediation.

Apr 12, 20266 min read
Application Security

Application Risk Management: Methods and Tools

A practical breakdown of application risk management: the methods (reachability, RBVM), the tool categories (SCA, SAST, DAST, CSPM), and how to fix the backlog problem.

Apr 12, 20266 min read
sbom (Page 30) — Safeguard Blog