sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
Distroless image security trend report
Distroless adoption is up nearly 3x since 2024, but Safeguard's 2026 scan data shows SBOM gaps, missed dependencies, and inflated CVE lists still undermine the hardening it promises.
Kubernetes Helm chart vulnerability trends
New Safeguard research finds most public Helm charts ship risky defaults and stale image pins—here's what the data shows and how to fix it.
NuGet package vulnerability trends report
NuGet's growing attack surface: typosquatting, steganographic malware, and patch lag are reshaping .NET supply chain risk in 2026 — here's what the data shows.
Most vulnerable .NET libraries report
Safeguard's H1 2026 analysis of 41,000+ .NET repos reveals a small cluster of NuGet packages driving nearly half of all vulnerability findings—and most aren't even reachable.
LLM Supply Chain Vulnerabilities
Malicious model files, poisoned datasets, and compromised ML packages are the new software supply chain frontier. Here is how these LLM attacks actually work.
NuGet dependency confusion risk report
NuGet's default feed-resolution behavior keeps dependency confusion risk elevated across .NET orgs. Here's what the incident history shows, and how to close the gap.
Best open source license compliance tools
A practical comparison of open source license compliance tools—FOSSA, Mend, Black Duck, Snyk, and more—covering detection accuracy, policy engines, and SBOM support.
Composer package vulnerability trends report
Composer package vulnerabilities rose 34% YoY, with 60%+ arriving via transitive dependencies. Safeguard breaks down the trends and what security teams should do.
Best software supply chain security platforms
A practical buyer's guide comparing top software supply chain security platforms—SBOM, dependency scanning, and CI/CD attestation—so you can pick the right fit.
Best software provenance verification tools
A practical, no-fluff comparison of software provenance verification tools — Sigstore, in-toto, GitHub Attestations, JFrog, Chainguard, and Kosli — plus what to evaluate before you buy.
AI-Generated SBOMs: How Accurate Are They?
LLMs can now generate SBOMs from source code and documentation. We tested five AI SBOM generators against traditional tools to measure accuracy, completeness, and reliability.
Most vulnerable PHP frameworks report
A data-driven look at CVEs across Laravel, Symfony, CodeIgniter, Yii2 & ThinkPHP reveals which PHP frameworks carry the most real-world exploitation risk.