Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

974 articles

Compliance

Data loss prevention (DLP) software roundup

Sprinto automates compliance evidence; Safeguard secures the software supply chain. A clear-eyed look at what "DLP software" really means and where each tool fits.

Mar 5, 20267 min read
Software Supply Chain Security

What is an Attestation (Software Security)

Software attestations are signed, verifiable proofs of how code was built and secured — now a legal requirement for US federal software vendors since March 2024.

Mar 5, 20267 min read
AI Security

What is AI Security

AI security protects models, training data, and agentic systems from prompt injection, poisoning, and unsafe autonomy — here's what it covers and how to build a program.

Mar 5, 20268 min read
SBOM

CISA Minimum Elements for SBOM: 2026 Update

A clear walkthrough of CISA's 2026 revisions to the minimum elements for SBOM, what changed from the original NTIA baseline, and how to bring your outputs into compliance.

Mar 4, 20266 min read
SBOM

SBOM Generation: Syft, Tern, Trivy Compared (2026)

An engineer's side-by-side of Syft, Tern, and Trivy for SBOM generation in 2026, with honest notes on accuracy, performance, and where each tool actually fits.

Mar 4, 20267 min read
SBOM & Compliance

SBOM Incident Response: Finding Affected Products Fast

When a critical CVE drops, the only number that matters is minutes-to-blast-radius. Here is how a well-run SBOM programme answers the question in under five minutes.

Mar 4, 20267 min read
SBOM

SBOM-Driven Due Diligence for M&A

How SBOMs have become a standard input to technical due diligence for software acquisitions, what acquirers actually look for, and how sellers should prepare.

Mar 4, 20267 min read
Software Supply Chain Security

Telecom Supply Chain Strategy for 2026

How telecom operators should rebuild their software supply chain strategy for 2026: SBOM mandates, 5G core risks, vendor concentration, and reachability-driven prioritization.

Mar 4, 20265 min read
Software Supply Chain Security

Rekor transparency log

What is Rekor? It's the public, immutable transparency log at the heart of Sigstore that records software signing events for tamper-evident verification.

Mar 4, 20267 min read
AI Security

What is AI Model Supply Chain Security

Model weights are executable artifacts, not data. Here's how AI model supply chain attacks work, from pickle exploits to weight tampering, and how to stop them.

Mar 4, 20267 min read
Best Practices

How to Comply With EU CRA: A Practical Checklist

The EU Cyber Resilience Act requires vendors to ship secure-by-default products, provide SBOMs, and report exploited vulnerabilities within 24 hours. Here is a concrete compliance path.

Mar 3, 20267 min read
AI Security

What is Model Context Protocol (MCP) Security

MCP security explained: how tool poisoning, rug pulls, and 2025's critical CVEs (mcp-remote, MCP Inspector) put AI agents at risk—and how to defend against them.

Mar 3, 20267 min read
sbom (Page 45) — Safeguard Blog