Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

Compliance & Regulations

The SBOM Maturity Model: A Practical Roadmap for Enterprise Adoption

Most organizations are still at SBOM Level 0. Here's a five-level maturity model to guide your journey from no SBOMs to full supply chain transparency.

Oct 20, 20226 min read
Tool Reviews

Tern: Container SBOM Generation Through Layer Analysis

A review of Tern, the open source tool that generates SBOMs by inspecting container image layers, including its strengths, limitations, and where it fits in your toolchain.

Oct 12, 20225 min read
SBOM

Generating SBOMs from Container Images: A Practical Guide

Container images are opaque by default. Here's how to crack them open with SBOMs to see exactly what's running in production.

Oct 8, 20227 min read
Open Source Security

OSS Review Toolkit (ORT): Automating License Compliance at Scale

The OSS Review Toolkit handles license scanning, vulnerability detection, and compliance policy enforcement. Here's how to put it to work.

Sep 28, 20226 min read
SBOM

Building an SBOM Program from Scratch: A Practical Guide

Standing up an SBOM program is more than picking a tool. This guide covers organizational buy-in, tooling selection, automation, and scaling from your first BOM to enterprise-wide adoption.

Sep 20, 20227 min read
Compliance

Software Transparency and the EU Cyber Resilience Act

The EU Cyber Resilience Act is rewriting the rules for software sold in Europe. Mandatory vulnerability handling, SBOM requirements, and security-by-design obligations are coming for every vendor.

Sep 15, 20228 min read
SBOM

SPDX Specification: A Practical Guide for Security Teams

SPDX is the ISO-standardized SBOM format. Here's how to use it effectively for security, not just license compliance.

Sep 15, 20226 min read
SBOM

Trivy for SBOM Generation and Vulnerability Scanning

Trivy combines SBOM generation with vulnerability scanning in a single tool. Here's how to use both capabilities effectively.

Aug 12, 20226 min read
DevSecOps

VEX Explained: How Vulnerability Exploitability Exchange Cuts Through Alert Noise

VEX documents let software producers tell consumers which vulnerabilities actually affect their products. Here's how VEX works and why it matters.

Jul 20, 20227 min read
How-To Guide

How to Create Your First SBOM

A practical, step-by-step guide to generating your first Software Bill of Materials using open-source tools and integrating it into your development workflow.

Jul 5, 20225 min read
Container Security

Docker Scout for Container Security Analysis: A Practical Guide

Docker Scout brings vulnerability scanning directly into the Docker CLI. Here is what it actually catches, where it falls short, and how to integrate it into your workflow.

Jul 5, 20226 min read
Vulnerability Management

CPE Naming Convention and the Vulnerability Matching Problem

CPE is the backbone of NVD vulnerability matching, and it is deeply flawed. Understanding its limitations is essential for accurate vulnerability management.

Jun 15, 20226 min read
sbom (Page 80) — Safeguard Blog