software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
SBOM automation from creation to scanning & analysis
SBOM generation alone isn't enough. See how continuous SBOM automation — from creation to scanning and analysis — closes the gaps left by point-in-time tools.
Tackling SBOM sprawl across an organization
SBOM generation has outpaced SBOM management. Here's why sprawl happens, what it costs in incident response and audits, and how to consolidate it for good.
How Syft scans software to generate SBOMs (under-the-hood...
A deep look at Syft's under-the-hood scanning mechanics — catalogers, binary classifiers, layer squashing, and SBOM formats — and where the single-scan model breaks down at fleet scale.
EU CRA SBOM requirements overview and compliance tips
The EU Cyber Resilience Act makes SBOMs mandatory for connected products by December 2027. Here is what CRA compliance actually requires, and how to prepare.
NIST 800-53 security and privacy controls overview
A breakdown of NIST 800-53 Rev 5's control families, SBOM and supply-chain requirements, and why scanning tools like Anchore cover only a narrow slice of what compliance demands.
DoD software factory reference design and secure software...
What a real DoD software factory requires under the DevSecOps Reference Design, where Anchore's scanning fits and falls short, and how continuous SBOM evidence enables cATO.
ATO and continuous ATO (cATO) for government software
ATO takes 6-18 months and expires the moment it's signed. Here's what continuous ATO (cATO) really requires, where container-only tools like Anchore fall short, and how Safeguard closes the gap.
HIPAA compliance requirements for covered entities
What covered entities actually need under HIPAA's Privacy, Security, and Breach Notification Rules—and why compliance dashboards alone won't satisfy an OCR audit.
GDPR compliance basics for US and global SaaS companies
A practical GDPR compliance checklist for US and global SaaS teams: fines, deadlines, and why documentation platforms like Vanta don't cover Article 32's technical controls.
EU AI Act: Software Supply Chain Implications 2026
The EU AI Act's 2026 obligations reshape software supply chain requirements for AI system providers, deployers, and upstream model suppliers across every sector.
FedRAMP authorization process for cloud vendors
A breakdown of the FedRAMP authorization process for cloud vendors — timelines, JAB vs. agency ATOs, 3PAO testing, costs, and where GRC tools like Vanta fall short on supply chain evidence.
What is Cloud Native Security
Cloud native security explained: what it is, the 4C's model, real breach examples, SBOM requirements, and the tools that secure containers and Kubernetes.