Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Industry Analysis

What Is Shift Left Security

Shift left security moves scanning earlier in the SDLC. Here's what it means, how Sonatype approaches it, where it falls short, and how Safeguard closes the gap.

Jun 2, 20267 min read
Threat Intelligence

What Is Post-Quantum Cryptography (for software supply ch...

Quantum computers will eventually break RSA and ECDSA. Here's what NIST's 2024 PQC standards, CNSA 2.0 deadlines, and "harvest now, decrypt later" mean for signed software supply chains.

Jun 2, 20267 min read
Buyer's Guides

Snyk Alternatives in 2026: 8 Options Compared

An honest, opinionated guide to the best Snyk alternatives in 2026 — Endor Labs, Socket, Mend, Aikido, Semgrep, Sonatype, Trivy, and Safeguard — with a fair blurb and a 'best for' line for each, plus where reachability and remediation actually matter.

Jun 1, 20268 min read
Application Security

How to secure a REST API

REST API breaches from T-Mobile to Optus trace to a handful of recurring mistakes. Here's how to fix authorization, auth, injection, and rate limiting.

Jun 1, 20266 min read
AI Security

AI governance frameworks: managing risk in AI-built software

AI governance frameworks like NIST AI RMF and the EU AI Act now govern AI-built software. Here's what they require, and where JFrog's artifact-first approach falls short.

May 31, 20267 min read
AI Security

Responsible AI principles: what vendors commit to when bu...

What should a "responsible AI" commitment from a security vendor actually contain? A breakdown of the regulations, disclosures, and JFrog comparison every buyer should check.

May 29, 20268 min read
Application Security

Better Ruby Gemfile security: a step-by-step guide

A step-by-step guide to auditing your Gemfile.lock, spotting RubyGems supply chain attacks, and locking down Ruby dependencies before they ship.

May 27, 20267 min read
SBOM

SBOM standard formats compared (CycloneDX, SPDX, SWID)

CycloneDX, SPDX, and SWID solve different problems. Here's how the SBOM formats differ, and how Safeguard's multi-format generation compares to Mend.io's approach.

May 27, 20268 min read
Application Security

6 Angular security best practices cheat sheet

A six-part cheat sheet on Angular security: sanitizer limits, AngularJS EOL, dependency risk, token storage, CSP nonces, and library auditing.

May 26, 20267 min read
Compliance

Open source license management tools: features and best p...

A practical comparison of open source license management tools, contrasting Safeguard and Mend.io on detection, policy enforcement, and SBOM depth.

May 26, 20268 min read
AI Security

Evaluating AI Security Posture Management (AI-SPM) tools:...

A practical, criteria-based comparison of Safeguard and Mend.io for AI-SPM buyers: provenance verification, AI-BOM depth, and CI/CD policy enforcement.

May 25, 20268 min read
AI Security

Best AI red teaming tools ranked

Best AI red teaming tools ranked: how Mend.io's SCA scanning and Safeguard's exploitability-first SBOM analysis actually differ for AI supply chain risk.

May 25, 20267 min read
software-supply-chain (Page 7) — Safeguard Blog