Research
SBOM Quality Across Ecosystems: 2026 Report
The Safeguard Research team measured SBOM quality across ecosystems and generators. The gaps between formats, tools, and languages are larger than most teams assume.
Feb 26, 20267 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
The Safeguard Research team measured SBOM quality across ecosystems and generators. The gaps between formats, tools, and languages are larger than most teams assume.
Generating accurate SBOMs for firmware and IoT devices remains one of the toughest challenges in supply chain security. Here's the current state of the art.
How EU DORA is reshaping software supply chain expectations for financial services in 2026, with practical guidance on ICT third-party risk, SBOMs, and incident reporting.
When a scanner's built-in SBOM export stops being enough — signals you need a dedicated SBOM tool, what one actually does, and how to evaluate.
If you sell software to the US government, SBOM requirements are now non-negotiable. Here's a practical playbook for compliance.
Why multi-architecture container images break assumptions baked into signing, SBOM, and attestation tooling, and how to build a multi-arch pipeline that stays verifiable.
You cannot secure what you cannot enumerate. Griffin AI maintains a typed inventory of every model, version, and deployment across a tenant. Mythos-class tools approximate the inventory in prose.
KubeCon + CloudNativeCon NA 2025 put supply chain security at the center of the cloud-native conversation. Here is what mattered for platform teams.
GCP's Artifact Analysis API is the most direct way to get scan results into your triage tooling. Here is how to use it without drowning your team.
Weekly insights on software supply chain security, delivered to your inbox.