Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

974 articles

Tools

How Syft scans software to generate SBOMs (under-the-hood...

A deep look at Syft's under-the-hood scanning mechanics — catalogers, binary classifiers, layer squashing, and SBOM formats — and where the single-scan model breaks down at fleet scale.

Mar 28, 20267 min read
Container Security

Docker image security fundamentals (quick-start guide)

A practical guide to docker image security: how vulnerabilities hide in base images, common misconfigurations, how scanning works, and a five-step quick-start checklist.

Mar 27, 20268 min read
Industry Analysis

What is Software Supply Chain Security (SSCS)?

SolarWinds, Log4Shell, and the XZ Utils backdoor show why supply chain security now means more than SBOMs. Here's what SSCS actually covers—and where Anchore's approach falls short.

Mar 27, 20267 min read
Industry Analysis

Best practices for securing the software supply chain

From the xz backdoor to SolarWinds, real incidents show why SBOMs, build provenance, and continuous monitoring matter more than scanning alone.

Mar 26, 20267 min read
DevSecOps

What is DevSecOps? (principles, workflow, tooling)

DevSecOps explained: the principles, CI/CD workflow, and scanning tools that build security into every commit instead of bolting it on at release.

Mar 26, 20267 min read
DevSecOps

Anchore's approach to DevSecOps (case for shift-left secu...

How Anchore's devsecops approach uses SBOMs and shift-left scanning to catch vulnerabilities early, and why runtime visibility still matters.

Mar 26, 20268 min read
DevSecOps

CI/CD security and compliance integration

How CI/CD pipelines became the top supply chain attack surface, where scan-only tools like Anchore fall short on compliance evidence, and how Safeguard unifies both.

Mar 26, 20267 min read
Best Practices

Unifying Software And AI Assets In One Graph

Two parallel inventories for software and AI assets do not survive contact with reality. A unified graph is what makes governance feasible.

Mar 25, 20267 min read
Tools

Open source dependency scanning (OSS composition risk)

Open source dependency scanning has moved from periodic audits to a CI/CD gate. Here's how it works, where Anchore fits, and where Safeguard differs.

Mar 25, 20268 min read
Vulnerability Analysis

What is Malware

Malware now hides in open source packages and CI pipelines, not just email attachments. Here's what it is, how it spreads, and how to catch it early.

Mar 25, 20267 min read
Compliance

Vulnerability management under the EU Cyber Resilience Ac...

The EU Cyber Resilience Act sets hard deadlines for vulnerability reporting and SBOMs. Here's what changes, when, and how Safeguard stacks up against Anchore.

Mar 25, 20267 min read
Vulnerability Analysis

What is Ransomware

Ransomware costs organizations $2.73M on average to recover from. Learn how it works, its top infection vectors, and how to defend against it.

Mar 25, 20267 min read
sbom (Page 37) — Safeguard Blog