Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Container Security

Distroless image security trend report

Distroless adoption is up nearly 3x since 2024, but Safeguard's 2026 scan data shows SBOM gaps, missed dependencies, and inflated CVE lists still undermine the hardening it promises.

Nov 16, 20257 min read
Container Security

Kubernetes Helm chart vulnerability trends

New Safeguard research finds most public Helm charts ship risky defaults and stale image pins—here's what the data shows and how to fix it.

Nov 16, 20257 min read
Open Source Security

NuGet package vulnerability trends report

NuGet's growing attack surface: typosquatting, steganographic malware, and patch lag are reshaping .NET supply chain risk in 2026 — here's what the data shows.

Nov 16, 20257 min read
Open Source Security

Most vulnerable .NET libraries report

Safeguard's H1 2026 analysis of 41,000+ .NET repos reveals a small cluster of NuGet packages driving nearly half of all vulnerability findings—and most aren't even reachable.

Nov 14, 20258 min read
AI Security

LLM Supply Chain Vulnerabilities

Malicious model files, poisoned datasets, and compromised ML packages are the new software supply chain frontier. Here is how these LLM attacks actually work.

Nov 14, 20257 min read
Open Source Security

NuGet dependency confusion risk report

NuGet's default feed-resolution behavior keeps dependency confusion risk elevated across .NET orgs. Here's what the incident history shows, and how to close the gap.

Nov 14, 20257 min read
Buyer's Guides

Best open source license compliance tools

A practical comparison of open source license compliance tools—FOSSA, Mend, Black Duck, Snyk, and more—covering detection accuracy, policy engines, and SBOM support.

Nov 14, 20258 min read
Open Source Security

Composer package vulnerability trends report

Composer package vulnerabilities rose 34% YoY, with 60%+ arriving via transitive dependencies. Safeguard breaks down the trends and what security teams should do.

Nov 14, 20256 min read
Software Supply Chain Security

Best software supply chain security platforms

A practical buyer's guide comparing top software supply chain security platforms—SBOM, dependency scanning, and CI/CD attestation—so you can pick the right fit.

Nov 13, 20257 min read
Buyer's Guides

Best software provenance verification tools

A practical, no-fluff comparison of software provenance verification tools — Sigstore, in-toto, GitHub Attestations, JFrog, Chainguard, and Kosli — plus what to evaluate before you buy.

Nov 13, 20258 min read
SBOM

AI-Generated SBOMs: How Accurate Are They?

LLMs can now generate SBOMs from source code and documentation. We tested five AI SBOM generators against traditional tools to measure accuracy, completeness, and reliability.

Nov 12, 20257 min read
Open Source Security

Most vulnerable PHP frameworks report

A data-driven look at CVEs across Laravel, Symfony, CodeIgniter, Yii2 & ThinkPHP reveals which PHP frameworks carry the most real-world exploitation risk.

Nov 12, 20258 min read
sbom (Page 63) — Safeguard Blog