Safeguard
Tag

spdx

Safeguard articles tagged "spdx" — guides, analysis, and best practices for software supply chain and application security.

52 articles

Buyer's Guides

Best AIBOM Tools in 2026: AI Bill of Materials Platforms Compared

An honest, technical guide to the best AIBOM tools in 2026 — from the open-source OWASP AIBOM Generator to AI-BOM features in Snyk, Wiz, Mend, JFrog, and Manifest Cyber — with clear guidance on what an AI bill of materials should actually capture.

Jun 13, 20268 min read
SBOM & Compliance

What is a Software Bill of Materials workflow (SPDX/SBOM)...

A practical breakdown of SPDX-based SBOM compliance workflows — NTIA rules, EU CRA and FDA deadlines, where Black Duck falls short, and how continuous SBOM generation closes the gap.

Jun 13, 20268 min read
SBOM

From SBOMs to AI BOMs: SPDX 3.0 Explained

SPDX 3.0 adds a formal AI profile for documenting ML models and datasets. Here's what changed, how it compares to CycloneDX, and why it matters now.

Jun 6, 20268 min read
SBOM

SBOM standard formats compared (CycloneDX, SPDX, SWID)

CycloneDX, SPDX, and SWID solve different problems. Here's how the SBOM formats differ, and how Safeguard's multi-format generation compares to Mend.io's approach.

May 27, 20268 min read
Open Source Security

SPDX vs CycloneDX: comparing SBOM formats

SPDX and CycloneDX both satisfy federal SBOM rules, but they solve different problems. Here's how they actually differ — with real specs, dates, and tooling.

May 8, 20267 min read
SBOM

CycloneDX vs SPDX: SBOM Format Comparison 2026

A practical CycloneDX vs SPDX comparison for 2026 buyers: schema depth, tool support, regulatory alignment, and which format to pick for which use case.

Apr 14, 20265 min read
SBOM

How to Read a CycloneDX SBOM: A Line-by-Line Walkthrough

A walkthrough of a CycloneDX 1.6 JSON document — metadata, components, services, dependencies, and vulnerabilities — with a real snippet and what to check first.

Apr 13, 20267 min read
Software Supply Chain Security

CycloneDX vs SPDX: SBOM Formats Compared

CycloneDX vs SPDX: how the two SBOM formats differ in vulnerability data, licensing, regulatory recognition, and conversion — and which to pick.

Apr 5, 20266 min read
SBOM

SPDX 3.0 Feature Overview for 2026

What changed in SPDX 3.0 and the 3.0.1 patch release: the profile model, AI and dataset profiles, serialization choices, and what to migrate first.

Mar 19, 20265 min read
AI Security

AI Bill of Materials (ML-BOM) Standards in 2026

A senior engineer's survey of AI-BOM and ML-BOM standards in 2026, from CycloneDX ML components to SPDX 3.0 AI profile, and what to actually ship.

Mar 18, 20267 min read
Software Supply Chain Security

SPDX

What is SPDX? A plain-English guide to the ISO-standard SBOM and license format that documents what's really inside your software.

Mar 3, 20267 min read
Research

SBOM Quality Across Ecosystems: 2026 Report

The Safeguard Research team measured SBOM quality across ecosystems and generators. The gaps between formats, tools, and languages are larger than most teams assume.

Feb 26, 20268 min read
spdx (Page 2) — Safeguard Blog