sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
Compliance Dashboard Design Patterns for Supply Chain Security
Compliance dashboards translate complex supply chain data into actionable views for auditors, executives, and engineering teams. These design patterns make the difference between a dashboard that drives action and one that collects dust.
Enterprise SCA Tool Evaluation Framework
Choosing a software composition analysis tool for the enterprise? Here's a structured evaluation framework covering what actually matters.
Mend vs Black Duck: Functional Comparison
Compare Mend (formerly WhiteSource) and Black Duck on SBOM export, license policy, detection sources, deployment model, and enterprise reporting for 2024 SCA selection.
ESSCM: Enterprise SBOM Management at Scale
Managing SBOMs across hundreds of products requires more than file storage. ESSCM brings lifecycle management, versioning, and queryability to your software inventory.
Energy Sector Software Security and NERC CIP Compliance
Power utilities and energy companies must secure software supply chains while meeting NERC CIP requirements. Here's a practical approach.
What Does SCA Stand For, and Why Does It Matter Now?
SCA stands for software composition analysis, and it matters more in 2024 than it did five years ago because open source now makes up the majority of most codebases.
.NET 8 Supply Chain Improvements
.NET 8 quietly shipped several supply chain improvements worth knowing — NuGet audit, signed packages, SBOM tooling, and better source-link coverage.
How to Generate an SBOM in a GitLab CI Pipeline
A working .gitlab-ci.yml for SBOM generation with Syft: CycloneDX report artifacts, a Grype scan stage, and Cosign attestations pushed next to the image.
Introducing Safeguard: Software Supply Chain Security, Done Right
Today we are launching Safeguard, a platform purpose-built for managing the security of your software supply chain from SBOM generation to vulnerability response.
SBOMs for Microservices Architecture: Managing Complexity at Scale
When your application is 50 services with 50 dependency trees, SBOM management stops being simple. Here's how to handle it.
Why We Built Safeguard
The software supply chain is broken. We started Safeguard because existing tools treated SBOM as a checkbox exercise instead of a security discipline.
SBOMs for AI/ML Models: Why Machine Learning Needs a Bill of Materials
As AI models become critical infrastructure, the need for transparency about their components, training data, and dependencies grows urgent. Emerging standards are beginning to address this gap.