CISA Minimum Elements for SBOM: 2026 Update
A clear walkthrough of CISA's 2026 revisions to the minimum elements for SBOM, what changed from the original NTIA baseline, and how to bring your outputs into compliance.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
An engineer's side-by-side of Syft, Tern, and Trivy for SBOM generation in 2026, with honest notes on accuracy, performance, and where each tool actually fits.
When a critical CVE drops, the only number that matters is minutes-to-blast-radius. Here is how a well-run SBOM programme answers the question in under five minutes.
How SBOMs have become a standard input to technical due diligence for software acquisitions, what acquirers actually look for, and how sellers should prepare.
How telecom operators should rebuild their software supply chain strategy for 2026: SBOM mandates, 5G core risks, vendor concentration, and reachability-driven prioritization.
The EU Cyber Resilience Act requires vendors to ship secure-by-default products, provide SBOMs, and report exploited vulnerabilities within 24 hours. Here is a concrete compliance path.
A senior engineer's playbook for auditing open source licenses across modern polyglot repos, from SPDX extraction to enforcement in CI and legal reporting.
An inside look at Safeguard's Open Source Manager — how it tracks, evaluates, and enforces policies across every open-source dependency in your portfolio.
Quarterly inventories are wrong by the time they are signed. Continuous discovery is the only model that matches modern rates of change.