Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Buyer's Guides

Snyk vs Aikido Security Comparison

Comparing Snyk and Aikido as code scanners misses the bigger question: can you prove what actually shipped? Here's where Safeguard's supply chain security fits.

Jul 6, 20267 min read
FAQ

Best SBOM Tools (2026): An Honest FAQ

A balanced 2026 FAQ on the best SBOM tools — how Syft, Trivy, Dependency-Track, Sonatype, Black Duck, and Safeguard compare, and when a generator is enough versus a platform.

Jul 5, 20266 min read
Software Supply Chain Security

The XZ Utils backdoor CVE-2024-3094 explained

CVE-2024-3094 hid a remote-access backdoor inside xz-utils via a years-long social engineering campaign. Here's the timeline, impact, and fix.

Jul 5, 20267 min read
Software Supply Chain Security

event-stream npm package backdoor incident

How a routine maintainer handoff let attackers slip a Bitcoin-stealing backdoor into event-stream, hitting millions of npm installs for ten weeks.

Jul 5, 20267 min read
Software Supply Chain Security

ua-parser-js npm hijack incident

In 2021, a hijacked npm account pushed cryptomining and password-stealing malware into ua-parser-js for 4 hours. Here's what happened and how to catch it faster.

Jul 5, 20266 min read
Application Security

What Is Application Security (AppSec) 101

AppSec used to mean scanning code for known bugs. Here's why that's no longer enough, what CVE-matching tools like Snyk miss, and what a real supply chain security program requires.

Jul 5, 20267 min read
Buyer's Guides

Black Duck Alternatives in 2026: An Honest Buyer's Guide

A balanced comparison of the leading Black Duck alternatives in 2026 — Snyk, Mend, Sonatype, FOSSA, Trivy, and Safeguard — with candid pros, cons, and a framework for choosing.

Jul 4, 20266 min read
Security Guides

C++ Security Best Practices: Memory Safety, Hardening Flags, and the C/C++ Supply Chain

Microsoft attributes roughly 70% of its CVEs to memory-safety bugs, and the xz backdoor proved the C/C++ supply chain is a live target. Here is the practical hardening path for code you can't rewrite.

Jul 4, 20266 min read
Career

How to Get Into Software Supply Chain Security

Software supply chain security is one of the hottest specialties in the field—and one of the least crowded. Here is how students and career-changers can break into it, from the core concepts to a portfolio that stands out.

Jul 4, 20266 min read
Software Supply Chain Security

node-ipc protestware targeting Russia/Belarus IPs

In March 2022, node-ipc's maintainer shipped code wiping files on Russian and Belarusian machines. Here's what happened, how it spread, and how to catch it next time.

Jul 4, 20266 min read
Security Guides

NuGet Supply Chain Security: Protecting Your .NET Dependencies

How NuGet supply chain attacks work, from dependency confusion to typosquatting, and the concrete controls, lock files, source mapping, and signing, that lock down your .NET build.

Jul 4, 20265 min read
Compliance

SBOMs and Executive Order 14028: how a 2021 order reshaped software supply chain policy

Executive Order 14028 made the software bill of materials a matter of federal policy. Here's the story of how it happened, what it requires, and what it means for you in 2026.

Jul 4, 20265 min read
sbom (Page 7) — Safeguard Blog