spdx
Safeguard articles tagged "spdx" — guides, analysis, and best practices for software supply chain and application security.
52 articles
Best AIBOM Tools in 2026: AI Bill of Materials Platforms Compared
An honest, technical guide to the best AIBOM tools in 2026 — from the open-source OWASP AIBOM Generator to AI-BOM features in Snyk, Wiz, Mend, JFrog, and Manifest Cyber — with clear guidance on what an AI bill of materials should actually capture.
What is a Software Bill of Materials workflow (SPDX/SBOM)...
A practical breakdown of SPDX-based SBOM compliance workflows — NTIA rules, EU CRA and FDA deadlines, where Black Duck falls short, and how continuous SBOM generation closes the gap.
From SBOMs to AI BOMs: SPDX 3.0 Explained
SPDX 3.0 adds a formal AI profile for documenting ML models and datasets. Here's what changed, how it compares to CycloneDX, and why it matters now.
SBOM standard formats compared (CycloneDX, SPDX, SWID)
CycloneDX, SPDX, and SWID solve different problems. Here's how the SBOM formats differ, and how Safeguard's multi-format generation compares to Mend.io's approach.
SPDX vs CycloneDX: comparing SBOM formats
SPDX and CycloneDX both satisfy federal SBOM rules, but they solve different problems. Here's how they actually differ — with real specs, dates, and tooling.
CycloneDX vs SPDX: SBOM Format Comparison 2026
A practical CycloneDX vs SPDX comparison for 2026 buyers: schema depth, tool support, regulatory alignment, and which format to pick for which use case.
How to Read a CycloneDX SBOM: A Line-by-Line Walkthrough
A walkthrough of a CycloneDX 1.6 JSON document — metadata, components, services, dependencies, and vulnerabilities — with a real snippet and what to check first.
CycloneDX vs SPDX: SBOM Formats Compared
CycloneDX vs SPDX: how the two SBOM formats differ in vulnerability data, licensing, regulatory recognition, and conversion — and which to pick.
SPDX 3.0 Feature Overview for 2026
What changed in SPDX 3.0 and the 3.0.1 patch release: the profile model, AI and dataset profiles, serialization choices, and what to migrate first.
AI Bill of Materials (ML-BOM) Standards in 2026
A senior engineer's survey of AI-BOM and ML-BOM standards in 2026, from CycloneDX ML components to SPDX 3.0 AI profile, and what to actually ship.
SPDX
What is SPDX? A plain-English guide to the ISO-standard SBOM and license format that documents what's really inside your software.
SBOM Quality Across Ecosystems: 2026 Report
The Safeguard Research team measured SBOM quality across ecosystems and generators. The gaps between formats, tools, and languages are larger than most teams assume.