software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
What Is Shift Left Security
Shift left security moves scanning earlier in the SDLC. Here's what it means, how Sonatype approaches it, where it falls short, and how Safeguard closes the gap.
What Is Post-Quantum Cryptography (for software supply ch...
Quantum computers will eventually break RSA and ECDSA. Here's what NIST's 2024 PQC standards, CNSA 2.0 deadlines, and "harvest now, decrypt later" mean for signed software supply chains.
Snyk Alternatives in 2026: 8 Options Compared
An honest, opinionated guide to the best Snyk alternatives in 2026 — Endor Labs, Socket, Mend, Aikido, Semgrep, Sonatype, Trivy, and Safeguard — with a fair blurb and a 'best for' line for each, plus where reachability and remediation actually matter.
How to secure a REST API
REST API breaches from T-Mobile to Optus trace to a handful of recurring mistakes. Here's how to fix authorization, auth, injection, and rate limiting.
AI governance frameworks: managing risk in AI-built software
AI governance frameworks like NIST AI RMF and the EU AI Act now govern AI-built software. Here's what they require, and where JFrog's artifact-first approach falls short.
Responsible AI principles: what vendors commit to when bu...
What should a "responsible AI" commitment from a security vendor actually contain? A breakdown of the regulations, disclosures, and JFrog comparison every buyer should check.
Better Ruby Gemfile security: a step-by-step guide
A step-by-step guide to auditing your Gemfile.lock, spotting RubyGems supply chain attacks, and locking down Ruby dependencies before they ship.
SBOM standard formats compared (CycloneDX, SPDX, SWID)
CycloneDX, SPDX, and SWID solve different problems. Here's how the SBOM formats differ, and how Safeguard's multi-format generation compares to Mend.io's approach.
6 Angular security best practices cheat sheet
A six-part cheat sheet on Angular security: sanitizer limits, AngularJS EOL, dependency risk, token storage, CSP nonces, and library auditing.
Open source license management tools: features and best p...
A practical comparison of open source license management tools, contrasting Safeguard and Mend.io on detection, policy enforcement, and SBOM depth.
Evaluating AI Security Posture Management (AI-SPM) tools:...
A practical, criteria-based comparison of Safeguard and Mend.io for AI-SPM buyers: provenance verification, AI-BOM depth, and CI/CD policy enforcement.
Best AI red teaming tools ranked
Best AI red teaming tools ranked: how Mend.io's SCA scanning and Safeguard's exploitability-first SBOM analysis actually differ for AI supply chain risk.