Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Open Source Security

Drupal module vulnerability trends

Contributed modules drive most Drupal risk today. Here's what the advisory trends show — and how reachability analysis changes triage.

Nov 12, 20256 min read
Buyer's Guides

Best VEX (Vulnerability Exploitability eXchange) tools

A practical buyer's guide to VEX tools: what to evaluate, and an honest look at Dependency-Track, GUAC, OpenVEX, Grype, Trivy, and Interlynk.

Nov 12, 20258 min read
Open Source Security

Cargo crate vulnerability trends report

RustSec advisories rose 38% year-over-year as crates.io passed 195,000 packages. A breakdown of where Cargo's supply-chain risk is concentrated in 2026.

Nov 12, 20257 min read
Open Source Security

Rust supply chain security landscape

Rust's crates.io has topped 170,000 packages and real attacks are following. Here's what's changed and how security teams should respond.

Nov 11, 20257 min read
Open Source Security

Swift Package Manager vulnerability trends

Typosquats, thin CVE coverage, and an executable manifest format: inside the Swift Package Manager vulnerability trends security teams can't ignore.

Nov 10, 20257 min read
Open Source Security

Malicious iOS SDKs and CocoaPods report

CocoaPods trunk server CVEs and the SourMint SDK scandal reveal how malicious iOS SDKs and pods slip past App Review for years.

Nov 10, 20257 min read
Open Source Security

Mobile app dependency vulnerability trends

Mobile apps now ship more third-party code than first-party. Safeguard's analysis breaks down where dependency vulnerabilities cluster and why.

Nov 9, 20257 min read
Software Supply Chain Security

Malicious VS Code extensions report

150+ malicious VS Code extensions have been pulled from marketplaces since 2024. Here's how the attacks work — and how to defend against them.

Nov 9, 20258 min read
Software Supply Chain Security

Terraform Registry module vulnerability trends

Registry-wide analysis shows a rising share of Terraform modules carry stale provider pins and insecure defaults — here's what's driving it and how to respond.

Nov 9, 20257 min read
Software Supply Chain Security

Homebrew formula security incidents

A timeline of Homebrew formula security incidents — from the 2018 Jenkins token leak to 2026's Trivy tap compromise — and what Homebrew's Tap Trust fix means for security teams.

Nov 9, 20258 min read
Buyer's Guides

Best software composition analysis tools for mobile appli...

A no-hype comparison of mobile SCA tools for scanning iOS and Android dependencies, generating SBOMs, and catching open-source vulnerabilities before release.

Nov 9, 20257 min read
Compliance

Automating Open Source License Compliance: From Manual Audits to Continuous Enforcement

Manual license audits cannot keep pace with modern dependency trees. Automated license detection, policy enforcement, and compliance documentation turn a legal bottleneck into a developer workflow.

Nov 8, 20258 min read
sbom (Page 64) — Safeguard Blog