Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

AI Security

Building trust in AI-assisted software development

AI writes 30-50% of new code at many shops now, and 45% of it ships with security flaws. Here's how to build real trust in that pipeline.

Jun 6, 20266 min read
AI Security

Vulnerability Prioritization in the AI Era

CVSS scores can't keep pace with AI-generated code and 40,000+ annual CVEs. Here's why Sonatype's component-level model falls short and what real prioritization requires.

Jun 6, 20268 min read
AI Security

Claude Code and Claude Desktop security integrations

Claude Code's shell access and MCP's connector boom are reshaping software supply chain risk. Here's what security teams need to know and do.

Jun 6, 20267 min read
SBOM

From SBOMs to AI BOMs: SPDX 3.0 Explained

SPDX 3.0 adds a formal AI profile for documenting ML models and datasets. Here's what changed, how it compares to CycloneDX, and why it matters now.

Jun 6, 20268 min read
AI Security

Securing AI coding IDE extensions and plugins

VS Code themes with 9M installs shipped backdoors; Cursor's rules files were hijacked in 2025. Here's what AI IDE extension security actually requires.

Jun 5, 20266 min read
Regulatory Compliance

Open Source License Compliance Management

Open source license compliance is now a continuous, automated discipline. Here's what Sonatype gets right, where it falls short, and how Safeguard unifies license risk with vulnerability management.

Jun 5, 20268 min read
Application Security

Container Security for the Software Supply Chain

Container scanning means more than SCA: OS layers, secrets, and provenance matter too. See the gaps in SCA-first tools and how Safeguard closes them.

Jun 4, 20267 min read
AI Security

AI & LLM Governance for Software Development

Sonatype flags bad packages after the fact. Here's what AI governance for software development requires, and how Safeguard tracks models and output together.

Jun 4, 20268 min read
Application Security

Implementing the OWASP Top 10 Proactive Controls

A field guide to the OWASP Top 10 Proactive Controls: what each control requires, real breach examples like Equifax, and how to implement them in CI/CD.

Jun 4, 20267 min read
Industry Analysis

InnerSource Practices for Enterprise Development

InnerSource speeds up enterprise code reuse, but it also turns every internal team into an unaudited package publisher. Here's where governance breaks and how to fix it.

Jun 4, 20267 min read
AI Security

What Are AI Bills of Materials (AIBOMs)

What is an AI Bill of Materials (AIBOM), why do SBOM tools like Sonatype fall short on AI components, and how do teams build one in 2025.

Jun 3, 20268 min read
Threat Intelligence

What Are Open Source Vulnerabilities

Open source vulnerabilities explained: how flaws like Log4Shell and XZ Utils spread through dependency trees, how Sonatype tracks them, and how to prioritize fixes.

Jun 3, 20268 min read
software-supply-chain (Page 6) — Safeguard Blog