sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
Drupal module vulnerability trends
Contributed modules drive most Drupal risk today. Here's what the advisory trends show — and how reachability analysis changes triage.
Best VEX (Vulnerability Exploitability eXchange) tools
A practical buyer's guide to VEX tools: what to evaluate, and an honest look at Dependency-Track, GUAC, OpenVEX, Grype, Trivy, and Interlynk.
Cargo crate vulnerability trends report
RustSec advisories rose 38% year-over-year as crates.io passed 195,000 packages. A breakdown of where Cargo's supply-chain risk is concentrated in 2026.
Rust supply chain security landscape
Rust's crates.io has topped 170,000 packages and real attacks are following. Here's what's changed and how security teams should respond.
Swift Package Manager vulnerability trends
Typosquats, thin CVE coverage, and an executable manifest format: inside the Swift Package Manager vulnerability trends security teams can't ignore.
Malicious iOS SDKs and CocoaPods report
CocoaPods trunk server CVEs and the SourMint SDK scandal reveal how malicious iOS SDKs and pods slip past App Review for years.
Mobile app dependency vulnerability trends
Mobile apps now ship more third-party code than first-party. Safeguard's analysis breaks down where dependency vulnerabilities cluster and why.
Malicious VS Code extensions report
150+ malicious VS Code extensions have been pulled from marketplaces since 2024. Here's how the attacks work — and how to defend against them.
Terraform Registry module vulnerability trends
Registry-wide analysis shows a rising share of Terraform modules carry stale provider pins and insecure defaults — here's what's driving it and how to respond.
Homebrew formula security incidents
A timeline of Homebrew formula security incidents — from the 2018 Jenkins token leak to 2026's Trivy tap compromise — and what Homebrew's Tap Trust fix means for security teams.
Best software composition analysis tools for mobile appli...
A no-hype comparison of mobile SCA tools for scanning iOS and Android dependencies, generating SBOMs, and catching open-source vulnerabilities before release.
Automating Open Source License Compliance: From Manual Audits to Continuous Enforcement
Manual license audits cannot keep pace with modern dependency trees. Automated license detection, policy enforcement, and compliance documentation turn a legal bottleneck into a developer workflow.