sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
974 articles
CycloneDX
CycloneDX is the OWASP-backed SBOM standard for tracking software components, vulnerabilities, and VEX statements. Here's what is CycloneDX and how it compares to SPDX.
SPDX
What is SPDX? A plain-English guide to the ISO-standard SBOM and license format that documents what's really inside your software.
What is Vibe Coding (and Its Security Risks)
Vibe coding lets AI write entire apps from a prompt with little human review — here's what it is, real incidents it's caused, and how to detect the risk.
What is Training Data Poisoning
Training data poisoning corrupts an ML model's training data to plant hidden backdoors. Learn how it works, real incidents, and how to detect it.
How to Audit Open Source Licenses for Compliance
A senior engineer's playbook for auditing open source licenses across modern polyglot repos, from SPDX extraction to enforcement in CI and legal reporting.
Safeguard Open Source Manager: A Deep Dive Into Dependency Governance
An inside look at Safeguard's Open Source Manager — how it tracks, evaluates, and enforces policies across every open-source dependency in your portfolio.
SBOM Requirements for Automotive (ISO 21434) 2026
A senior engineer's guide to SBOM requirements for automotive suppliers under ISO/SAE 21434, UNECE WP.29 R155, and the 2026 enforcement landscape for connected vehicles.
What is AI Governance
AI governance means the policies and technical controls that keep AI models, data, and agents safe, compliant, and auditable across your software supply chain.
Continuous Asset Discovery vs Quarterly Inventory
Quarterly inventories are wrong by the time they are signed. Continuous discovery is the only model that matches modern rates of change.
Signed SBOMs As Procurement Leverage
Unsigned SBOMs are paperwork. Signed SBOMs with in-toto attestations are leverage. Here is how mature procurement programmes use signing to harden vendor relationships.
What is ISO 27001
ISO 27001 is the international ISMS standard with 93 Annex A controls. Here's what it requires, who needs it, and what it costs to certify.
What is the NIST Cybersecurity Framework
A breakdown of the NIST Cybersecurity Framework's six functions, its 2024 update, and why GV.SC makes it central to software supply chain security.