sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
What is a Trust Store
Trust stores decide which signatures your systems believe. Here's how they work, why they matter for supply chain security, and how to audit them.
CISA SBOM Mandate Enforcement Begins: What Federal Contractors Need to Know
CISA is moving from SBOM guidance to enforcement in 2026. Here's what the mandate requires and how to prepare.
What is a CI/CD Pipeline
A CI/CD pipeline automates code from commit to deployment—but SolarWinds, Codecov, and CircleCI show it's also a top supply-chain attack target.
State of Software Supply Chain Security 2026
A senior-engineer view of where software supply chain security stands in 2026: what's changed, what's stuck, and where budgets, regulations, and attacker tactics converge.
State of Open Source Security Report Overview
Open source vulnerabilities tripled in six years, but 70-85% aren't even reachable. A data-driven look at the real state of open source security in 2026.
SPDX Coverage: Griffin AI vs Mythos
SPDX is the format auditors ask for, the format regulators reference, and the format most enterprise procurement teams standardize on. Griffin AI treats it as a first-class graph. Mythos-class tools treat it as a long document.
State of Cloud Security Report Overview
This year's cloud security reports point to the same conclusion: detection isn't the bottleneck anymore — identity sprawl, supply chain risk, and slow remediation are.
Safeguard Knowledge Graph Architecture
How Safeguard's knowledge graph unifies components, vulnerabilities, policies, and runtime evidence into a single queryable substrate that powers every product surface.
State of Agentic AI Adoption Report Overview
Safeguard's State of Agentic AI Adoption Report finds 71% of enterprises now run agents with production access, outpacing identity, SBOM, and reachability controls.
Inside the Agentic Development Supply Chain Report
Safeguard's research team analyzed 42,000+ repositories with agentic commit activity, finding new dependency, MCP server, and SBOM gaps introduced by AI coding agents.
SBOM Distribution Patterns: TEA, VEX, and the Last Mile in 2026
How SBOMs actually move between producers and consumers in 2026, what TEA and VEX are solving, and the distribution patterns that hold up in production.
The Hidden Cost of AI Code in Financial Services
Banks and fintechs are shipping AI-generated code faster than they can vet it. The bill for that speed is starting to come due.