Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

974 articles

Compliance

EU CRA SBOM requirements overview and compliance tips

The EU Cyber Resilience Act makes SBOMs mandatory for connected products by December 2027. Here is what CRA compliance actually requires, and how to prepare.

Mar 25, 20267 min read
SBOM & Compliance

SBOM Quality: Fields Auditors Actually Check

Auditors do not score SBOMs on file count. They check a small set of fields that prove the artefact is real, current, and tied to a verifiable build. Here are the ones that matter.

Mar 24, 20266 min read
Compliance

NIST 800-53 security and privacy controls overview

A breakdown of NIST 800-53 Rev 5's control families, SBOM and supply-chain requirements, and why scanning tools like Anchore cover only a narrow slice of what compliance demands.

Mar 24, 20267 min read
Supply Chain

Software Supply Chain Security News: How to Actually Track It

Software supply chain security news moves across a dozen disconnected sources — registries, CVE feeds, vendor blogs — here's a repeatable system for not missing the one that hits you.

Mar 24, 20265 min read
Compliance

NIST 800-190 container security guide compliance

NIST 800-190 requires evidence across five container risk categories, not just image scans. Where Anchore-based pipelines fall short and how to close the gap.

Mar 24, 20267 min read
Compliance

DoD software factory reference design and secure software...

What a real DoD software factory requires under the DevSecOps Reference Design, where Anchore's scanning fits and falls short, and how continuous SBOM evidence enables cATO.

Mar 23, 20267 min read
SBOM

SBOM Drift Detection Playbook for 2026

A practical playbook for detecting and responding to SBOM drift between source, build, and runtime, with the patterns that separate signal from noise.

Mar 22, 20266 min read
SBOM

CycloneDX 1.7 Migration Guide From 1.5

A practical migration path from CycloneDX 1.5 to 1.7 covering schema changes, machine learning BOM additions, formulation, and the tooling adjustments required.

Mar 22, 20265 min read
Compliance

FDA Premarket Cybersecurity for Medical Devices 2026

A senior engineer's guide to FDA premarket cybersecurity for medical devices in 2026: section 524B, SBOM expectations, SPDF, and what reviewers actually ask about.

Mar 22, 20267 min read
Regulatory Compliance

Report on Compliance (ROC) vs Self-Assessment Questionnai...

PCI DSS ROC vs SAQ explained, and why v4.0.1's software inventory and anti-skimming rules demand supply chain evidence GRC tools like Vanta weren't built to generate.

Mar 22, 20268 min read
Product

Introducing Safeguard TPRM: Evidence-Based Third-Party Risk Management

Safeguard's new TPRM module replaces vendor questionnaires with SBOM-driven, continuous third-party risk assessment.

Mar 22, 20267 min read
Vulnerability Analysis

Use of Components with Known Vulnerabilities

Equifax lost 147M records to one unpatched library. Here's what "components with known vulnerabilities" means and how reachability analysis fixes the triage problem.

Mar 22, 20266 min read
sbom (Page 38) — Safeguard Blog