Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

974 articles

Industry Analysis

PHP Security Explained

PHP still runs ~74% of the web. From the 2024 PHP-CGI RCE to WordPress plugin flaws, here's what actually breaks PHP apps in production.

Feb 23, 20268 min read
Industry Analysis

Go (Golang) Security Explained

Go's memory safety stops buffer overflows, not logic bugs, typosquatted modules, or CI-pipeline compromise. Here's what actually threatens Go security.

Feb 23, 20266 min read
Best Practices

FAQ: When Do You Need a Dedicated SBOM Tool?

When a scanner's built-in SBOM export stops being enough — signals you need a dedicated SBOM tool, what one actually does, and how to evaluate.

Feb 22, 20267 min read
Compliance

Federal Software Procurement and SBOM Requirements: A Vendor's Playbook

If you sell software to the US government, SBOM requirements are now non-negotiable. Here's a practical playbook for compliance.

Feb 22, 20266 min read
Industry Analysis

Rust Security Explained

Rust kills most memory-safety bugs, but crates.io supply chain attacks and CVE-2024-24576 prove "written in Rust" isn't a security guarantee.

Feb 22, 20266 min read
Container Security

Multi-Arch Image Builds and Attestation Pitfalls

Why multi-architecture container images break assumptions baked into signing, SBOM, and attestation tooling, and how to build a multi-arch pipeline that stays verifiable.

Feb 22, 20268 min read
Industry Analysis

C/C++ Security Explained

C/C++ still cause ~70% of critical CVEs. From Heartbleed to the xz backdoor, here's why memory bugs persist and how to find exploitable ones fast.

Feb 22, 20268 min read
AI Security

Model Inventory Tracking: Griffin AI vs Mythos

You cannot secure what you cannot enumerate. Griffin AI maintains a typed inventory of every model, version, and deployment across a tenant. Mythos-class tools approximate the inventory in prose.

Feb 21, 20268 min read
Tools

Snyk vs Black Duck Comparison

Snyk and Black Duck take different paths to open source risk—developer-first scanning vs. compliance-grade component identification. Here's how they compare, and where reachability closes the gap.

Feb 21, 20267 min read
SBOM

How to set up SBOM generation in a CI pipeline

Learn how to build an SBOM generation CI pipeline with Syft and GitHub Actions, covering scanning, signing, storage, and verification for supply chain visibility.

Feb 21, 20268 min read
Supply Chain

SCA Security Tools: A Practical Shortlist

A working shortlist of SCA security tools, what actually differentiates them beyond CVE counts, and how to pick an sca solution that fits your ecosystem.

Feb 18, 20265 min read
Best Practices

What is TLS/SSL

TLS/SSL encrypts data in transit, but outdated versions and unpatched libraries like Heartbleed-era OpenSSL still expose real risk today.

Feb 17, 20266 min read
sbom (Page 48) — Safeguard Blog