Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Industry Analysis

Executive Guide to Operationalizing AI Governance

A 2026 look at why AI governance policies keep failing in practice—and the five-pillar operating model executives are using to fix it.

Jan 22, 20267 min read
Industry Analysis

A Tale of Two Scanners: Siloed Scanning vs AI-Powered Correlation

Siloed scanners flood teams with disconnected alerts. Here's why AI powered vulnerability correlation is becoming the industry's answer to alert fatigue.

Jan 22, 20268 min read
Compliance

CISA Secure by Design Pledge: Practical Impact

An engineer's assessment of what the CISA Secure by Design Pledge actually changed inside product teams, what it did not, and where the 2026 expectations are landing.

Jan 21, 20267 min read
Application Security

What is Vulnerability Remediation

Vulnerability remediation means fixing a flaw at its source, not just detecting it. Learn the workflow, real MTTR benchmarks, and prioritization.

Jan 21, 20267 min read
Application Security

What is Snyk Code (SAST Tool Category Overview)

Snyk Code explained: what it is, how its SAST engine works, its limits, category competitors, and where reachability closes the gap.

Jan 20, 20266 min read
Vulnerability Analysis

What is a Vulnerability Database

CVE, NVD, OSV, GHSA, KEV — vulnerability databases power every scanner's severity score. Here's how they're built, enriched, and where they fall short.

Jan 20, 20266 min read
Software Supply Chain Security

What is Software Supply Chain Risk Scoring

CVSS alone can't tell you what to fix first. Here's how supply chain risk scoring blends exploitability, reachability, and provenance into one actionable number.

Jan 20, 20267 min read
Software Supply Chain Security

What is a Malicious Commit / Compromised Maintainer Account

When an attacker steals a maintainer's credentials, every user of that package inherits the compromise. Here's how it happens and how to catch it.

Jan 19, 20267 min read
SBOM

Generating and exporting a software bill of materials in AWS

A practical walkthrough for generating and exporting an AWS SBOM using Inspector and ECR -- plus troubleshooting tips and how Safeguard helps.

Jan 19, 20267 min read
Vulnerability Analysis

XZ Utils backdoor discovery (CVE-2024-3094)

A deep dive into CVE-2024-3094, the XZ Utils backdoor: affected versions, CVSS/EPSS context, full attack timeline, and remediation steps.

Jan 16, 20267 min read
AI Security

CycloneDX ML-BOM in 1.7: Implementation Guide

CycloneDX 1.7 was published in October 2025 and adopted by the General Assembly in December. We unpack what the ML-BOM capability means in practice for AI inventory.

Jan 15, 20267 min read
AI Security

CycloneDX Support: Griffin AI vs Mythos

CycloneDX is not a text format to be summarized — it's a typed graph with dozens of semantically-rich fields. Griffin AI consumes it as a graph. Mythos-class tools consume it as tokens. That difference decides every downstream finding.

Jan 15, 20267 min read
sbom (Page 56) — Safeguard Blog