sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
974 articles
What is Serverless Security
Serverless security protects function code, IAM roles, and event triggers where traditional host-based scanning and patching don't apply.
What is Helm Chart Security
Helm chart security means finding and fixing the RBAC, secrets, and supply chain risks baked into Kubernetes' most-used packaging format.
Drata vs OneTrust: enterprise GRC comparison
Drata and OneTrust automate GRC evidence, but neither scans code or verifies build provenance -- the gap Safeguard closes for software supply chain risk.
How to Choose a Secure Base Image
Base image choice sets your CVE floor before any scanner runs. Here's how to evaluate footprint, patch cadence, provenance, and rebuild cycle.
Reachability-Driven SBOM Prioritisation In 2026
An SBOM is a list. A reachability-prioritised SBOM is a triage queue. The difference determines whether the SBOM produces value or sits unread.
Runtime Asset Attribution: Pods To Services
Mapping a running pod back to a service, repo, owner, and SBOM is the boring infrastructure that makes every other security control useful.
Best SBOM Management Platforms 2026 Review
A 2026 review of the best SBOM management platforms, comparing Dependency-Track, Anchore, Kusari, and Safeguard on depth and compliance.
SBOMs in Healthcare: Patient Safety Meets Software Transparency
Healthcare organizations face unique SBOM challenges driven by FDA requirements, device lifecycles, and patient safety stakes.
The Complete SBOM Compliance Guide for 2026
Everything you need to know about SBOM requirements under EO 14028, NIST SSDF, and emerging global regulations.
AI-BOM And EU AI Act Article 10 Data Governance
Article 10 turns training data governance into a legal obligation. AI-BOM is how you prove it. A practical mapping of what the regulation expects to what the artefact captures.
ISO 27001 certification: complete guide and requirements
ISO 27001 requirements explained: the 93 Annex A controls, clause structure, audit timeline, and where supply chain security controls fit into certification.
CMMC vs NIST 800-171: key differences
CMMC and NIST 800-171 aren't the same thing. We break down the differences, where control families overlap, and how supply chain evidence fits into assessment.