Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Open Source Security

State of npm supply chain attacks

Maintainer phishing, self-propagating worms, and mass-download packages compromised: a look at the npm supply chain attack trends reshaping open source risk.

Nov 30, 20257 min read
Open Source Security

Compromised maintainer accounts on npm

Recent npm maintainer account takeovers show how a single stolen credential can compromise billions of downloads. Here's the anatomy of the threat—and the defense.

Nov 29, 20257 min read
Open Source Security

Most vulnerable npm packages of the year

Safeguard's 2026 mid-year analysis of the npm registry breaks down the packages driving the most risk and why the same names keep coming back.

Nov 29, 20257 min read
Open Source Security

PyPI typosquatting and malicious package report

A 2026 look at PyPI typosquatting trends: attack patterns, CI/CD targeting, info-stealer payloads, and how to defend the Python supply chain.

Nov 28, 20257 min read
Product Launch

Safeguard CLI v5: Faster, Smarter, More Extensible

Safeguard CLI v5 brings a rewritten scanning engine, plugin architecture, and native CI/CD integration. Here is what is new and how to upgrade.

Nov 25, 20256 min read
Open Source Security

Ruby supply chain security report

A report on Ruby supply chain security: malicious RubyGems campaigns, maintainer credential compromises, and 2025's RubyGems governance dispute.

Nov 21, 20257 min read
Open Source Security

Go module proxy vulnerability trends

A backdoor hid in Go's module proxy for 3+ years, and 63,000+ orphaned packages remain cached. Inside 2025's Go supply chain reckoning.

Nov 21, 20256 min read
Compliance

Software Supply Chain Security for Regulated Industries

Healthcare, finance, energy, and defense face unique supply chain security requirements. Here is how regulated industries should approach SBOM compliance and vulnerability management.

Nov 20, 20257 min read
Containers

Docker Vulnerability Scanners: What They Catch and Miss

Image scanners are excellent at matching OS packages and language dependencies against CVE databases — and structurally blind to config flaws, runtime behavior, and code you compiled yourself. Where the line sits.

Nov 20, 20258 min read
Open Source Security

Go vulnerability database (govulncheck) trend report

Go's vulnerability database is scaling fast and stdlib CVEs are clustering. Here's what govulncheck vulnerability trends reveal about reachability, typosquats, and risk.

Nov 20, 20257 min read
Open Source Security

Typosquatting in the Go module ecosystem

Typosquatting is surging across the Go module ecosystem, exploiting decentralized import paths and an immutable checksum database that makes takedowns nearly meaningless.

Nov 20, 20257 min read
Open Source Security

Most vulnerable Go packages report

Safeguard's 2026 analysis ranks the most vulnerable Go packages by exposure-weighted risk, revealing why a handful of core modules drive most CVE impact.

Nov 20, 20257 min read
sbom (Page 61) — Safeguard Blog