Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

974 articles

Software Supply Chain Security

CycloneDX

CycloneDX is the OWASP-backed SBOM standard for tracking software components, vulnerabilities, and VEX statements. Here's what is CycloneDX and how it compares to SPDX.

Mar 3, 20267 min read
Software Supply Chain Security

SPDX

What is SPDX? A plain-English guide to the ISO-standard SBOM and license format that documents what's really inside your software.

Mar 3, 20267 min read
AI Security

What is Vibe Coding (and Its Security Risks)

Vibe coding lets AI write entire apps from a prompt with little human review — here's what it is, real incidents it's caused, and how to detect the risk.

Mar 3, 20267 min read
AI Security

What is Training Data Poisoning

Training data poisoning corrupts an ML model's training data to plant hidden backdoors. Learn how it works, real incidents, and how to detect it.

Mar 2, 20266 min read
Best Practices

How to Audit Open Source Licenses for Compliance

A senior engineer's playbook for auditing open source licenses across modern polyglot repos, from SPDX extraction to enforcement in CI and legal reporting.

Mar 2, 20268 min read
Product

Safeguard Open Source Manager: A Deep Dive Into Dependency Governance

An inside look at Safeguard's Open Source Manager — how it tracks, evaluates, and enforces policies across every open-source dependency in your portfolio.

Mar 2, 20267 min read
Compliance

SBOM Requirements for Automotive (ISO 21434) 2026

A senior engineer's guide to SBOM requirements for automotive suppliers under ISO/SAE 21434, UNECE WP.29 R155, and the 2026 enforcement landscape for connected vehicles.

Mar 2, 20267 min read
AI Security

What is AI Governance

AI governance means the policies and technical controls that keep AI models, data, and agents safe, compliant, and auditable across your software supply chain.

Mar 1, 20267 min read
Best Practices

Continuous Asset Discovery vs Quarterly Inventory

Quarterly inventories are wrong by the time they are signed. Continuous discovery is the only model that matches modern rates of change.

Feb 28, 20267 min read
SBOM & Compliance

Signed SBOMs As Procurement Leverage

Unsigned SBOMs are paperwork. Signed SBOMs with in-toto attestations are leverage. Here is how mature procurement programmes use signing to harden vendor relationships.

Feb 27, 20267 min read
Compliance

What is ISO 27001

ISO 27001 is the international ISMS standard with 93 Annex A controls. Here's what it requires, who needs it, and what it costs to certify.

Feb 27, 20267 min read
Compliance

What is the NIST Cybersecurity Framework

A breakdown of the NIST Cybersecurity Framework's six functions, its 2024 update, and why GV.SC makes it central to software supply chain security.

Feb 27, 20267 min read
sbom (Page 46) — Safeguard Blog