sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
SBOM Storage and Distribution Infrastructure
Generating SBOMs is solved. Storing, versioning, and distributing them at scale is the next engineering challenge.
SBOM for the Gaming Industry: Why Game Studios Need Software Transparency
Game studios ship millions of lines of code with complex dependency chains across engines, middleware, and third-party SDKs. SBOMs are not just a compliance tool — they are an operational necessity.
SBOM Tooling Landscape in 2023: What Actually Works
The SBOM tooling ecosystem has matured significantly, but choosing the right tools still requires understanding the tradeoffs between formats, generators, and analysis platforms.
Canada's Cybersecurity Strategy and the Push for SBOM Adoption
Canada is integrating software supply chain security into its national cyber strategy. Here's where SBOMs fit in and what's coming next.
Runtime SBOM vs. Build-Time SBOM: Which Do You Actually Need?
Build-time SBOMs capture what goes into your software; runtime SBOMs capture what actually runs. Understanding the difference is critical for accurate vulnerability management.
Japan's Approach to Cybersecurity and Software Supply Chain Security
Japan is rapidly building cybersecurity policy around software supply chain risk. Here's what the regulatory landscape looks like and where it's headed.
How to Generate SBOMs From Maven Projects
Produce accurate CycloneDX SBOMs from Maven builds using the official plugin, handle multi-module reactors, and ship attested SBOMs alongside your JARs.
How to Structure an SBOM Review Process
Build a repeatable SBOM review workflow that catches license risks, stale dependencies, and unexpected components before they ship to customers.
Supply Chain Risk Scoring Algorithms: How They Work and Where They Fail
Risk scoring turns complex supply chain data into actionable numbers. But the algorithms behind these scores have assumptions and blind spots that security teams must understand.
Cloud-Native SBOM Generation Strategies That Actually Work
Practical strategies for generating and managing Software Bills of Materials in cloud-native environments, beyond the compliance checkbox.
Automated SBOM Drift Detection: When Your Bill of Materials Goes Stale
An SBOM that does not match what is actually deployed is worse than no SBOM at all. Here is how to detect and prevent SBOM drift automatically.
Automotive Cybersecurity: UNECE WP.29 and Software Supply Chain Security
Connected vehicles depend on millions of lines of code. UNECE WP.29 regulations now require automotive manufacturers to manage software supply chain risks.