Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Vulnerability Analysis

CVE-2020-7729: Command injection in node-notifier

CVE-2020-7729 lets attacker-influenced input reach node-notifier's OS notifier calls, enabling command injection. Here's the impact, timeline, and fix.

Oct 14, 20257 min read
SBOM

Container SBOM Generation: Best Practices for 2025

Container images are multi-layered artifacts that challenge SBOM generators. Here is how to generate comprehensive, accurate SBOMs for containerized applications.

Oct 1, 20256 min read
Licensing

Open Source License Scanning: How It Actually Works

How open source license scanning identifies oss license obligations across a dependency tree, and what open source compliance management software actually automates versus flags for review.

Sep 30, 20255 min read
Vulnerability Analysis

CVE-2020-9484: Deserialization RCE via Apache Tomcat Pers...

A deep dive into CVE-2020-9484, the Apache Tomcat PersistenceManager deserialization RCE — affected versions, CVSS/EPSS context, and remediation steps.

Sep 23, 20257 min read
Tools

Syft v1.20 Release: Faster Scans, Smarter License Detection

Anchore's Syft v1.20 ships a refactored license cataloger, Bitnami SBOM passthrough, and a 2x speedup on filesystem scans. We tested the upgrade on five real codebases.

Sep 18, 20255 min read
SBOM

SBOM Interoperability: Bridging CycloneDX and SPDX

Your suppliers send SPDX. Your tools expect CycloneDX. Interoperability between SBOM formats is a real operational challenge. Here is how to solve it.

Sep 10, 20256 min read
Supply Chain

What Is a Software Ingredient Label?

Food gets an ingredient panel; software gets an SBOM. What a software ingredient label contains, who is demanding one, and how to generate yours automatically.

Sep 9, 20256 min read
Container Security

How Snyk Container maps vulnerabilities to specific image...

How Snyk Container uses OCI manifest metadata, diff_ids, and Dockerfile history to trace a vulnerable package to the exact layer and build instruction that introduced it.

Sep 7, 20258 min read
Container Security

How Snyk Container scans distroless and minimal (Wolfi-st...

Distroless and Wolfi-style images strip out package managers, breaking traditional scanners. Here's how Snyk Container identifies vulnerable packages anyway.

Sep 7, 20258 min read
Container Security

How Snyk Container's static filesystem analysis avoids th...

How Snyk Container inspects image layers, package databases, and lockfiles without ever running the container — and where static filesystem analysis hits its limits.

Sep 6, 20258 min read
Container Security

How Snyk Container handles multi-stage Docker builds duri...

How Snyk Container identifies base images, attributes vulnerabilities to Dockerfile instructions, and scopes scans across multi-stage Docker builds.

Sep 6, 20257 min read
SBOM

How Snyk Container generates a Software Bill of Materials...

How Snyk Container statically scans image layers, parses OS package databases and lockfiles, and exports CycloneDX/SPDX SBOMs — mechanically explained.

Sep 5, 20257 min read
sbom (Page 67) — Safeguard Blog