Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

494 articles

Buyer's Guides

ASPM platform buyer's guide (Software Risk Manager)

A fact-based comparison of Safeguard and Black Duck's Software Risk Manager for teams evaluating ASPM platforms: architecture, SCA heritage, deployment.

Jun 13, 20268 min read
SBOM & Compliance

What is a Software Bill of Materials workflow (SPDX/SBOM)...

A practical breakdown of SPDX-based SBOM compliance workflows — NTIA rules, EU CRA and FDA deadlines, where Black Duck falls short, and how continuous SBOM generation closes the gap.

Jun 13, 20268 min read
AI Security

How to Audit the Dependencies of an AI Agent

An AI agent's dependency tree spans packages, MCP servers, models, and system prompts. A step-by-step audit method that actually enumerates all four layers.

Jun 12, 20266 min read
Application Security

BSIMM16 report: benchmarking software security program ma...

BSIMM16 shows AI now drives more security program change than any other force, with 111 firms assessed and SBOM use up nearly 30%. Here's what it means — and its blind spots.

Jun 12, 20267 min read
Compliance

Open source license compliance and risk management

How to manage open source license risk beyond point-in-time scans: copyleft traps, MongoDB/Elastic relicensing, and why continuous checks beat Black Duck-style audits.

Jun 12, 20267 min read
Industry Analysis

Financial services application security compliance

PCI DSS 4.0, DORA, and NYDFS 500 now demand provable SBOM and provenance evidence — see where legacy SCA tools like Black Duck fall short for financial services teams.

Jun 11, 20266 min read
Industry Analysis

Public sector / government application security requirements

EO 14028, CISA's attestation form, and FedRAMP have made government application security compliance its own discipline. Here's what's required and where legacy SCA tools like Black Duck fall short.

Jun 11, 20268 min read
Buyer's Guides

Best Vulnerability Management Tools in 2026: An Honest Buyer's Guide

An honest guide to the best vulnerability management tools in 2026 — from broad asset scanners like Tenable, Qualys, and Rapid7 to cloud-native Wiz and reachability-driven SCA from Snyk and Endor Labs — with a clear 'best for' for each and where Safeguard fits.

Jun 10, 20268 min read
Vulnerability Analysis

Cybersecurity Research Center (CyRC): vulnerability resea...

What is Black Duck's CyRC, how does it research and disclose vulnerabilities, and where do its coverage gaps leave your open source supply chain exposed?

Jun 10, 20267 min read
Buyer's Guides

Compare Sonatype / Why Choose Sonatype

Comparing Safeguard and Sonatype on origin, CVE-vs-malicious-package coverage, AI-agent (MCP) support, and CI/CD fit — a practical guide to Sonatype alternatives.

Jun 8, 20267 min read
Buyer's Guides

Sonatype Nexus Repository Manager Alternatives

Evaluating Nexus Repository Manager alternatives? A concrete look at reachability analysis, scanner fusion, auto-fix, and AI/MCP governance versus Sonatype.

Jun 8, 20267 min read
Buyer's Guides

How to evaluate software supply chain security vendors us...

A practical framework for evaluating software supply chain security vendors on verifiable dimensions—SBOM support, provenance, deployment model—rather than analyst labels alone.

Jun 7, 20268 min read
software-supply-chain-security (Page 8) — Safeguard Blog