sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
CycloneDX v1.5: New Features and What They Mean for Your SBOM Program
CycloneDX v1.5 introduced formulation, machine learning BOMs, and expanded evidence. Here is what changed and how to take advantage of it.
SBOMs for Mobile Applications: iOS and Android
Mobile apps ship to millions of devices and can't be patched silently. Here's how to build SBOM practices for iOS and Android development.
Anchore Syft: The Go-To Open Source SBOM Generator
A thorough review of Anchore's Syft SBOM generation tool, covering supported formats, language ecosystems, container scanning, and integration patterns.
SBOM Validation and Quality Checks: Ensuring Your SBOMs Are Actually Useful
A syntactically valid SBOM can still be useless. Here's how to validate structure, completeness, and accuracy to produce SBOMs worth trusting.
SBOM Requirements for Financial Services: What You Need to Know
Financial regulators are tightening software transparency requirements. Here's what banks, fintechs, and financial institutions need to know about SBOMs.
SBOMs for SaaS Products: What Customers Are Starting to Demand
SBOMs were originally for on-premises software. Now SaaS customers are asking for them too. Here is what that means and how to respond.
Cross-Language Dependency Analysis: Bridging npm, pip, Maven, and Beyond
Modern applications use multiple languages and package ecosystems. Analyzing dependencies across these boundaries requires techniques that single-ecosystem tools cannot provide.
SBOM Requirements for Medical Devices: FDA's New Mandate
The FDA now requires software bill of materials for medical device submissions. Here's what manufacturers need to know about compliance.
SBOM Sharing and Distribution Best Practices
Generating SBOMs is only half the battle. Sharing them securely and effectively with stakeholders requires careful planning and tooling.
SBOMs for Serverless Applications: What Changes and What Doesn't
Serverless doesn't mean dependency-free. Here's how to generate and manage SBOMs for Lambda functions, Azure Functions, and Cloud Functions.
SBOM Format Conversion: Tools and Techniques
Your supplier sends SPDX, your platform expects CycloneDX. Here's how to convert between SBOM formats without losing critical data.
The End-of-Year Dependency Audit Ritual
Most dependency audits get done in a panic after a CVE lands. A planned year-end audit is cheaper, more thorough, and produces a backlog you can actually work through in Q1.