sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
974 articles
Reachability Analysis: Cutting Through CVE Noise to Find What Actually Matters
Why most CVEs in your dependency tree are not exploitable in your application, and how reachability analysis separates real risk from noise.
SBOM standards and formats compared (SPDX vs CycloneDX vs...
SPDX, CycloneDX, and Syft JSON aren't interchangeable. A concrete breakdown of what each format is for, where Anchore's Syft defaults, and how Safeguard handles both.
CycloneDX vs SPDX: Which Format For Your Program
A senior-engineer comparison of CycloneDX and SPDX in 2026, covering field coverage, tooling, AI-BOM support, VEX, and the practical trade-offs for your programme.
Anchore vs. Snyk / Wiz / Sysdig / Aqua / Chainguard posit...
Evaluating Anchore alternatives? See how Safeguard, Snyk, Wiz, Sysdig, Aqua, and Chainguard actually differ on SBOM, runtime, and compliance.
What is a Software Bill of Materials (SBOM) — definitions...
What is an SBOM? A plain-language breakdown of definitions, contents, formats (SPDX vs CycloneDX), compliance drivers, and real use cases like Log4Shell and xz-utils.
How to generate an SBOM with free open source tools
Free tools like Syft and Trivy can generate an SBOM in minutes. Here's exactly how, where open source tooling stops scaling, and how Safeguard fills the gap.
What is a DDoS Attack
A DDoS attack floods systems with botnet traffic until they collapse. See real Tbps records, the Rapid Reset CVE, and how to detect and mitigate one.
SBOM automation from creation to scanning & analysis
SBOM generation alone isn't enough. See how continuous SBOM automation — from creation to scanning and analysis — closes the gaps left by point-in-time tools.
Tern SBOM Generation Walkthrough for 2026
A walkthrough of generating SBOMs with Tern in 2026, covering layer-by-layer inspection, CycloneDX output, and practical comparison with Syft.
Incident Response for Supply Chain Attacks: A 2026 Playbook
A practical incident response playbook tailored for supply chain compromises — from initial detection through containment, eradication, and lessons learned.
Tackling SBOM sprawl across an organization
SBOM generation has outpaced SBOM management. Here's why sprawl happens, what it costs in incident response and audits, and how to consolidate it for good.
SBOM GitHub Action / dropping SBOM tooling into CI workflows
Adding an SBOM GitHub Action like Anchore's is easy; making the output useful isn't. Here's what breaks in real CI pipelines and how to fix it.