Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

SBOM

SBOM automation from creation to scanning & analysis

SBOM generation alone isn't enough. See how continuous SBOM automation — from creation to scanning and analysis — closes the gaps left by point-in-time tools.

Mar 29, 20267 min read
SBOM

Tackling SBOM sprawl across an organization

SBOM generation has outpaced SBOM management. Here's why sprawl happens, what it costs in incident response and audits, and how to consolidate it for good.

Mar 28, 20268 min read
Tools

How Syft scans software to generate SBOMs (under-the-hood...

A deep look at Syft's under-the-hood scanning mechanics — catalogers, binary classifiers, layer squashing, and SBOM formats — and where the single-scan model breaks down at fleet scale.

Mar 28, 20267 min read
Compliance

EU CRA SBOM requirements overview and compliance tips

The EU Cyber Resilience Act makes SBOMs mandatory for connected products by December 2027. Here is what CRA compliance actually requires, and how to prepare.

Mar 25, 20267 min read
Compliance

NIST 800-53 security and privacy controls overview

A breakdown of NIST 800-53 Rev 5's control families, SBOM and supply-chain requirements, and why scanning tools like Anchore cover only a narrow slice of what compliance demands.

Mar 24, 20267 min read
Compliance

DoD software factory reference design and secure software...

What a real DoD software factory requires under the DevSecOps Reference Design, where Anchore's scanning fits and falls short, and how continuous SBOM evidence enables cATO.

Mar 23, 20267 min read
Compliance

ATO and continuous ATO (cATO) for government software

ATO takes 6-18 months and expires the moment it's signed. Here's what continuous ATO (cATO) really requires, where container-only tools like Anchore fall short, and how Safeguard closes the gap.

Mar 23, 20267 min read
Regulatory Compliance

HIPAA compliance requirements for covered entities

What covered entities actually need under HIPAA's Privacy, Security, and Breach Notification Rules—and why compliance dashboards alone won't satisfy an OCR audit.

Mar 20, 20266 min read
Regulatory Compliance

GDPR compliance basics for US and global SaaS companies

A practical GDPR compliance checklist for US and global SaaS teams: fines, deadlines, and why documentation platforms like Vanta don't cover Article 32's technical controls.

Mar 20, 20267 min read
Compliance

EU AI Act: Software Supply Chain Implications 2026

The EU AI Act's 2026 obligations reshape software supply chain requirements for AI system providers, deployers, and upstream model suppliers across every sector.

Mar 19, 20268 min read
Regulatory Compliance

FedRAMP authorization process for cloud vendors

A breakdown of the FedRAMP authorization process for cloud vendors — timelines, JAB vs. agency ATOs, 3PAO testing, costs, and where GRC tools like Vanta fall short on supply chain evidence.

Mar 19, 20268 min read
Cloud Security

What is Cloud Native Security

Cloud native security explained: what it is, the 4C's model, real breach examples, SBOM requirements, and the tools that secure containers and Kubernetes.

Mar 18, 20267 min read
software-supply-chain (Page 16) — Safeguard Blog