Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Frameworks

Software Supply Chain Security Maturity: Where Does Your Organization Stand?

Most organizations know they should care about software supply chain security, but few have a structured way to assess their maturity. A practical framework for evaluating and improving your posture.

Jun 1, 20258 min read
Engineering

Vendoring Dependencies: When It Helps and When It Hurts Security

Committing dependencies to your repo buys immutability and availability — and quietly breaks scanners, updates, and license tracking. Here's the honest ledger.

May 25, 20257 min read
Containers

Docker Image Scanning: How It Works and What It Finds

Scanners don't run your container — they unpack it. How docker image scanning inventories layers, matches CVEs, handles distro backports, and where it belongs in your pipeline.

Apr 29, 20256 min read
Supply Chain

SCA Code: What Composition Analysis Actually Reads in Your Repo

A concrete look at which files SCA tooling actually parses in a repository, how it builds a dependency tree, and why SCA is required even when your own code is clean.

Apr 2, 20255 min read
Supply Chain

SBOM Example: Reading a Real CycloneDX and SPDX Document

One component, two formats: a field-by-field walkthrough of a real CycloneDX and SPDX SBOM — purls, licenses, hashes, dependency graphs, and how to validate your own.

Mar 18, 20256 min read
Compliance

The SBOM Compliance Landscape in 2025: What You Need to Know

From the US Executive Order to the EU Cyber Resilience Act, SBOM requirements are becoming law. Here is where things stand in 2025 and what organizations need to do to comply.

Jan 18, 20256 min read
Standards

SPDX 3.0.1: The Patch Release That Cleared ISO and OMG Submission

SPDX 3.0.1 was announced on December 27, 2024, bundling fixes from 3.0.0 implementation and the edits required for OMG SPDX/3.0 and ISO/IEC submission.

Jan 8, 20255 min read
Product Update

Safeguard 5.0: The Next Generation of Software Supply Chain Security

Safeguard 5.0 introduces Griffin AI, expanded SBOM analysis, and a redesigned policy engine. Here is what is new and why it matters for your security program.

Jan 5, 20255 min read
SBOM & Compliance

Java SBOM Generation Tools Compared

Six tools generate SBOMs from Java projects. They disagree on transitive depth, license fields, and licensing of their own output. A head-to-head.

Dec 5, 20245 min read
Regulatory Compliance

NYDFS 500 Meets SBOM Requirements

23 NYCRR Part 500 was amended in 2023 with stronger third-party and vulnerability management language. For covered financial entities, SBOM practice has quietly become a compliance expectation.

Nov 25, 20247 min read
Best Practices

Zero Trust Principles Applied to the Software Supply Chain

Zero trust is not just a network architecture concept. Applied to the software supply chain, it fundamentally changes how organizations verify code, dependencies, and build processes.

Nov 25, 20247 min read
Industry Analysis

The Software Composition Analysis Market in 2024: Consolidation and Evolution

The SCA market is maturing fast, with acquisitions, AI-powered analysis, and SBOM mandates reshaping the competitive landscape and what buyers should expect.

Nov 20, 20246 min read
sbom (Page 73) — Safeguard Blog