sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
Kubernetes and Go supply chain risk report
Kubernetes leans on thousands of Go modules. New analysis shows how typosquats and vendored code turn that dependency into real supply chain risk.
Best open source SBOM generation tools
A practical, no-hype comparison of open source SBOM generation tools — Syft, Trivy, cdxgen, Microsoft sbom-tool, SPDX Tools, and Tern — plus what to check before you pick one.
Best SBOM management and analysis platforms
A practical buyer's guide to SBOM management platforms in 2026 -- evaluation criteria plus an honest look at six real vendors and where each one falls short.
Docker Hub malicious image report
Researchers estimate roughly 3% of public Docker Hub images carry malicious payloads. Here's what's inside them, how they spread, and how to defend your pipeline.
Top vulnerable base images on Docker Hub
A look at why Docker Hub's most-pulled base images still ship hundreds of known CVEs, and how reachability analysis cuts the noise down to what's actually exploitable.
Cryptomining malware hidden in public Docker images
Cryptomining malware keeps resurfacing in public Docker images. Here's how attackers hide miners in plain sight — and how to catch them before they run.
Best software supply chain attestation tools
A practical, no-hype comparison of software supply chain attestation tools — in-toto, Sigstore, GUAC, GitHub, JFrog, and Chainguard — plus how to pick the right fit.
Docker Hub typosquatting of official images
Attackers are cloning popular Docker Official Images under lookalike names, tricking `docker pull` into fetching malware instead of trusted base images.
Container image supply chain attack trends
Container images have become the software supply chain's most contested attack surface. A look at the xz-utils backdoor, registry-borne malware campaigns, and the detection gaps behind them.
Alpine vs Debian base image vulnerability comparison
A 2026 look at Alpine vs. Debian base image CVEs shows raw vulnerability counts mislead — patch cadence and reachability matter more than distro choice.
Outdated container images still running in production
New industry data shows most production containers still run on stale, vulnerable base images months after fixes ship -- here's why, and how to close the gap.
Container registry credential leak trends
2026 data shows container registry credential leaks accelerating as CI pipelines speed up — and why layer-aware scanning, not just final-image checks, is now essential.