Safeguard
Tag

sbom

Safeguard articles tagged "sbom" — guides, analysis, and best practices for software supply chain and application security.

972 articles

SBOM

SBOM 101: A Complete Beginner's Guide to Software Bill of Materials

Everything you need to know about Software Bills of Materials -- what they are, why they matter, and how to start generating them for your projects.

Jun 5, 20227 min read
SBOM

CycloneDX Specification Deep Dive: Beyond the Basics

CycloneDX is more than a component list. This deep dive covers services, vulnerabilities, compositions, and the parts of the spec most teams overlook.

May 12, 20226 min read
Compliance & Regulations

CISA SBOM Guidance: What Government Agencies Need to Know

CISA's evolving SBOM requirements are reshaping how government agencies procure and manage software. Here's what the guidance says and how to operationalize it.

May 10, 20225 min read
DevSecOps

SBOM Automation in CI/CD Pipelines: A Hands-On Guide

Generating SBOMs manually is unsustainable. Here's how to automate SBOM creation, validation, and distribution as part of your existing CI/CD pipeline with practical examples.

Apr 8, 20225 min read
SBOM

Generating SBOMs with Syft: The Complete Guide

Syft is the most popular open-source SBOM generator. Here's how to use it effectively for containers, directories, archives, and CI/CD pipelines.

Apr 8, 20226 min read
Compliance & Regulations

Open Source License Compliance: A Practical Guide for 2022

License compliance is not just a legal checkbox — it is a business risk. Misunderstanding copyleft obligations or violating attribution requirements can result in lawsuits, forced code disclosure, or product recalls.

Feb 10, 20225 min read
Compliance & Regulations

SBOM Formats Compared: CycloneDX vs SPDX in 2022

Two SBOM standards are competing for adoption. CycloneDX and SPDX take fundamentally different approaches to describing software components. Here's what matters when choosing between them.

Feb 5, 20225 min read
Vulnerability Analysis

Detecting Log4Shell in Your Software Supply Chain

Log4j isn't just in your code — it's in your vendors' code, your container base images, and your transitive dependencies. Here's how to find it everywhere.

Dec 18, 20216 min read
Compliance & Regulations

NTIA SBOM Minimum Elements: What Your SBOM Actually Needs to Contain

The NTIA published its minimum elements for SBOMs in July 2021. Here's a practical breakdown of what's required, what's optional, and where most organizations fall short.

Nov 10, 20218 min read
DevSecOps

Why Software Bill of Materials Matter

SBOMs are the foundation of software supply chain security. Without knowing what's in your software, you can't secure it. Here's why SBOMs matter and how to get started.

Jul 25, 20216 min read
Compliance & Regulations

Understanding SBOM Requirements Under EO 14028

Executive Order 14028 mandates SBOMs for federal software procurement. Here's a practical breakdown of what's required, what formats to use, and how to get compliant.

Jun 1, 20216 min read
Compliance & Regulations

Executive Order 14028: What It Means for Software Supply Chain Security

President Biden's Executive Order 14028 redefined how the federal government approaches cybersecurity. Here's what every software vendor needs to know.

May 12, 20215 min read
sbom (Page 81) — Safeguard Blog