Postmortems
Learn from every supply chain disaster.
Detailed, dated, blameless postmortems of the major software supply chain incidents — and what Safeguard would have done differently.
12 incidents documented, 2020 – 2025
2020
1 incident
The year the build pipeline officially became the new attack surface.
2021
1 incident
The watershed CVE that made SBOM a board-level concern.
2023
3 incidents
The year mass-exploitation of managed file transfer hit the headlines.
2024
6 incidents
Social-engineered backdoors, mass CDN takeovers, and edge-device zero-days exploited at scale.
2025
1 incident
Compromised CI/CD actions remind every team that GitHub Actions is production infrastructure.
Would Safeguard have caught it?
Bring a postmortem to the table. We'll walk through what Safeguard would have flagged, when it would have flagged it, and which gate would have blocked the blast radius.