sbom
Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.
972 articles
SBOM 101: A Complete Beginner's Guide to Software Bill of Materials
Everything you need to know about Software Bills of Materials -- what they are, why they matter, and how to start generating them for your projects.
CycloneDX Specification Deep Dive: Beyond the Basics
CycloneDX is more than a component list. This deep dive covers services, vulnerabilities, compositions, and the parts of the spec most teams overlook.
CISA SBOM Guidance: What Government Agencies Need to Know
CISA's evolving SBOM requirements are reshaping how government agencies procure and manage software. Here's what the guidance says and how to operationalize it.
SBOM Automation in CI/CD Pipelines: A Hands-On Guide
Generating SBOMs manually is unsustainable. Here's how to automate SBOM creation, validation, and distribution as part of your existing CI/CD pipeline with practical examples.
Generating SBOMs with Syft: The Complete Guide
Syft is the most popular open-source SBOM generator. Here's how to use it effectively for containers, directories, archives, and CI/CD pipelines.
Open Source License Compliance: A Practical Guide for 2022
License compliance is not just a legal checkbox — it is a business risk. Misunderstanding copyleft obligations or violating attribution requirements can result in lawsuits, forced code disclosure, or product recalls.
SBOM Formats Compared: CycloneDX vs SPDX in 2022
Two SBOM standards are competing for adoption. CycloneDX and SPDX take fundamentally different approaches to describing software components. Here's what matters when choosing between them.
Detecting Log4Shell in Your Software Supply Chain
Log4j isn't just in your code — it's in your vendors' code, your container base images, and your transitive dependencies. Here's how to find it everywhere.
NTIA SBOM Minimum Elements: What Your SBOM Actually Needs to Contain
The NTIA published its minimum elements for SBOMs in July 2021. Here's a practical breakdown of what's required, what's optional, and where most organizations fall short.
Why Software Bill of Materials Matter
SBOMs are the foundation of software supply chain security. Without knowing what's in your software, you can't secure it. Here's why SBOMs matter and how to get started.
Understanding SBOM Requirements Under EO 14028
Executive Order 14028 mandates SBOMs for federal software procurement. Here's a practical breakdown of what's required, what formats to use, and how to get compliant.
Executive Order 14028: What It Means for Software Supply Chain Security
President Biden's Executive Order 14028 redefined how the federal government approaches cybersecurity. Here's what every software vendor needs to know.