sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
974 articles
Top 5 Docker Security Vulnerabilities
Runc escapes, exposed daemons, stale base images, privileged containers, and leaked secrets: the five Docker vulnerabilities behind most real container breaches.
Dockerfile Security Best Practices
Six question-driven answers on Dockerfile hardening: pinning, root users, multi-stage builds, secrets, and the review gates that catch supply chain risk early.
SPDX 3.0 Feature Overview for 2026
What changed in SPDX 3.0 and the 3.0.1 patch release: the profile model, AI and dataset profiles, serialization choices, and what to migrate first.
VEX Statements: Eliminating SBOM Noise In 2026
An SBOM without VEX is a noise machine. Here is how disciplined VEX authoring cuts vulnerability backlogs by 70-90% while improving defensibility, not weakening it.
What is Kubernetes Security
Kubernetes security spans four layers — cloud, cluster, container, code — and misconfiguration, not novel exploits, causes most real-world incidents.
NIST Cybersecurity Framework (CSF) explained
NIST CSF 2.0 added a Govern function and supply chain risk category in 2024. Here's what it requires, how Vanta maps it, and where build-level evidence closes the gap.
Kubernetes Monitoring Guide
A practical Kubernetes monitoring guide: what to track across nodes, control plane, and workloads, the tools teams use, and where monitoring alone misses supply chain risk.
FedRAMP authorization process for cloud vendors
A breakdown of the FedRAMP authorization process for cloud vendors — timelines, JAB vs. agency ATOs, 3PAO testing, costs, and where GRC tools like Vanta fall short on supply chain evidence.
AI-BOM and ML-BOM: The State of Standards in 2026
Where AI-BOM and ML-BOM specifications stand in 2026, which formats have real adoption, and what to capture today even if the standards are still in motion.
What is Cloud Native Security
Cloud native security explained: what it is, the 4C's model, real breach examples, SBOM requirements, and the tools that secure containers and Kubernetes.
Cross-Vendor SBOM Normalization: Griffin AI vs Mythos
Your SBOMs come from a dozen vendors, three scanners, and two CI systems. Normalising them into one queryable graph is where SBOM programs actually succeed or fail.
Container Security vs Virtual Machine Security
Containers and VMs isolate workloads at different layers — kernel vs. hypervisor — which changes attack surface, blast radius, patch speed, and what your scanner actually needs to cover.