Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

974 articles

Application Security

Attack surface reduction: practical strategies to minimiz...

Base images are one layer. Real attack surface reduction covers dependencies, build pipelines, and provenance too — here's what Chainguard's approach misses.

Apr 2, 20267 min read
Open Source Security

What is Dependency Management

Dependency management means tracking, scanning, and patching the open source packages your app relies on -- here's how it works and why it matters.

Apr 2, 20267 min read
Vulnerability Management

Vulnerability management for the modern engineering team

A vulnerability management program for engineering teams needs more than zero-CVE base images. Here's how Safeguard closes the gaps Chainguard leaves open.

Apr 2, 20267 min read
Open Source Security

Known Vulnerabilities in Dependencies

Known vulnerabilities in dependencies cause most supply-chain breaches, not because they're undetected but because teams can't tell which ones are reachable.

Apr 1, 20267 min read
Open Source Security

What is Open Source Security

Open source powers 70-90% of modern codebases. Learn what open source security means, its real risks, and how reachability analysis cuts through the noise.

Apr 1, 20266 min read
Compliance

FedRAMP High: requirements and readiness

What FedRAMP High actually requires: 421 controls, 12-24 month timelines, and how supply chain security vendors like Chainguard and Safeguard measure up.

Apr 1, 20267 min read
Compliance

FedRAMP compliance checklist: steps, requirements, docume...

A concrete FedRAMP compliance checklist: steps, documentation, timelines, and how supply chain evidence like Chainguard images and Safeguard SBOMs fits in.

Apr 1, 20267 min read
Compliance

White House M-22-18 SBOM Attestation Update

OMB M-22-18 and the CISA Secure Software Self-Attestation form continue to evolve. Here is what producers and federal buyers must change in 2026.

Mar 31, 20268 min read
Compliance

SOC 2 and the hardened software supply chain

SOC 2 attests to internal controls, not to whether a hardened image or build pipeline is secure. Here is how Chainguard's approach fits, and what it does not cover.

Mar 31, 20268 min read
Open Source Security

Wolfi: the community Linux 'undistro'

Wolfi calls itself an "undistro," not a distro — and it's the open-source foundation under Chainguard Images. Here's what that actually means, and where the gaps are.

Mar 31, 20267 min read
Best Practices

Finding Forgotten Public npm Packages In Your Org

Public npm packages your org published years ago are now an attacker's best targets. Find them before someone else does.

Mar 30, 20267 min read
Open Source Security

apko and melange: declarative container build tools

How Chainguard's apko and melange replace Dockerfiles with declarative, reproducible builds — and where the security claims need independent verification.

Mar 30, 20268 min read
sbom (Page 35) — Safeguard Blog