Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

SBOM Standards

CycloneDX v1.5: New Features and What They Mean for Your SBOM Program

CycloneDX v1.5 introduced formulation, machine learning BOMs, and expanded evidence. Here is what changed and how to take advantage of it.

Jun 20, 20236 min read
SBOM

SBOMs for Mobile Applications: iOS and Android

Mobile apps ship to millions of devices and can't be patched silently. Here's how to build SBOM practices for iOS and Android development.

Jun 15, 20236 min read
Tool Reviews

Anchore Syft: The Go-To Open Source SBOM Generator

A thorough review of Anchore's Syft SBOM generation tool, covering supported formats, language ecosystems, container scanning, and integration patterns.

Jun 8, 20236 min read
SBOM

SBOM Validation and Quality Checks: Ensuring Your SBOMs Are Actually Useful

A syntactically valid SBOM can still be useless. Here's how to validate structure, completeness, and accuracy to produce SBOMs worth trusting.

May 22, 20236 min read
Industry Guides

SBOM Requirements for Financial Services: What You Need to Know

Financial regulators are tightening software transparency requirements. Here's what banks, fintechs, and financial institutions need to know about SBOMs.

May 10, 20237 min read
Software Supply Chain Security

SBOMs for SaaS Products: What Customers Are Starting to Demand

SBOMs were originally for on-premises software. Now SaaS customers are asking for them too. Here is what that means and how to respond.

May 8, 20234 min read
Software Supply Chain Security

Cross-Language Dependency Analysis: Bridging npm, pip, Maven, and Beyond

Modern applications use multiple languages and package ecosystems. Analyzing dependencies across these boundaries requires techniques that single-ecosystem tools cannot provide.

Mar 18, 20236 min read
Compliance & Regulations

SBOM Requirements for Medical Devices: FDA's New Mandate

The FDA now requires software bill of materials for medical device submissions. Here's what manufacturers need to know about compliance.

Feb 20, 20236 min read
DevSecOps

SBOM Sharing and Distribution Best Practices

Generating SBOMs is only half the battle. Sharing them securely and effectively with stakeholders requires careful planning and tooling.

Feb 15, 20236 min read
SBOM

SBOMs for Serverless Applications: What Changes and What Doesn't

Serverless doesn't mean dependency-free. Here's how to generate and manage SBOMs for Lambda functions, Azure Functions, and Cloud Functions.

Feb 12, 20236 min read
SBOM

SBOM Format Conversion: Tools and Techniques

Your supplier sends SPDX, your platform expects CycloneDX. Here's how to convert between SBOM formats without losing critical data.

Jan 18, 20236 min read
Best Practices

The End-of-Year Dependency Audit Ritual

Most dependency audits get done in a panic after a CVE lands. A planned year-end audit is cheaper, more thorough, and produces a backlog you can actually work through in Q1.

Dec 10, 20226 min read
sbom (Page 79) — Safeguard Blog