Safeguard
Topic

Dependency Security

In-depth guides and analysis on dependency security from the Safeguard engineering team.

11 articles

Dependency Security

Mitigating npm Install Scripts Without Breaking Your Build

`--ignore-scripts` is the blunt fix that breaks node-sass and better-sqlite3. Here is the surgical version that keeps builds green and postinstalls contained.

Mar 9, 20267 min read
Dependency Security

.NET NuGet Package Security

Securing your .NET supply chain with NuGet package signing, lock files, and vulnerability scanning.

Feb 15, 20244 min read
Dependency Security

Rust Cargo Dependency Security Guide

How to secure your Rust supply chain with Cargo.lock, crate auditing, and build script controls.

Nov 10, 20235 min read
Dependency Security

Golang Module Security and Verification

Securing your Go module supply chain with checksum databases, GOPROXY, and vendor directories.

Jul 22, 20235 min read
Dependency Security

Kotlin Gradle Dependency Verification

Implement dependency verification in Kotlin Gradle projects with checksums, PGP signatures, and repository filtering.

Jun 30, 20234 min read
Dependency Security

Java Maven and Gradle Dependency Security

How to secure your Java dependency chain across Maven and Gradle builds, from signature verification to repository management.

Mar 8, 20234 min read
Dependency Security

Swift CocoaPods and SPM Security

Securing iOS and macOS dependencies with Swift Package Manager and CocoaPods, including checksum verification and source control.

Feb 25, 20234 min read
Dependency Security

Python Package Security Best Practices

Practical techniques for securing your Python supply chain, from pip and PyPI to virtual environments and hash verification.

Nov 18, 20225 min read
Dependency Security

PHP Composer Dependency Security

Securing PHP applications through Composer lockfiles, Packagist verification, and automated vulnerability scanning.

Oct 5, 20224 min read
Dependency Security

JavaScript Dependency Security: The Complete Guide

A thorough walkthrough of securing your JavaScript dependency tree, from lockfile hygiene to automated auditing and runtime protections.

Jul 12, 20226 min read
Dependency Security

Ruby Gems Supply Chain Security

Protecting your Ruby applications from gem-based supply chain attacks with Bundler security features, gem signing, and auditing.

Jun 20, 20224 min read
Dependency Security — Supply Chain Security Blog | Safeguard