Safeguard
Topic

Supply Chain Security

In-depth guides and analysis on supply chain security from the Safeguard engineering team.

55 articles

Supply Chain Security

Package Manager Security: npm, pip, and Maven Compared

Each package manager has its own security model, attack surface, and best practices. This guide compares npm, pip, and Maven from a supply chain security perspective.

Oct 8, 20228 min read
Supply Chain Security

Supply Chain Security for Government Agencies

Government agencies face unique software supply chain threats. Here's how federal and state organizations can protect critical infrastructure from compromise.

Aug 18, 20226 min read
Supply Chain Security

Notary v2 Content Trust: A Practical Implementation Guide

Docker Content Trust never gained traction. Notary v2, now called Notation, is the replacement. Here is how to implement it and what has changed.

Jul 12, 20225 min read
Supply Chain Security

Linux Distribution Package Signing: How It Actually Works

Package signing is the backbone of Linux software distribution security. Most teams trust it blindly without understanding the verification chain they depend on.

Jun 12, 20227 min read
Supply Chain Security

OCI Artifact Signing Standards: Making Sense of the Landscape

Container image signing has gone through multiple iterations. Here is where the OCI standards stand now and what you need to implement.

May 12, 20225 min read
Supply Chain Security

Azure DevOps Supply Chain Risks: Securing Your Microsoft CI/CD Pipeline

Azure DevOps pipelines present unique supply chain risks from marketplace extensions to service connections. A breakdown of the attack surface and how to harden it.

Apr 15, 20226 min read
Supply Chain Security

XcodeGhost Revisited: How a Trojanized IDE Infected Thousands of iOS Apps

XcodeGhost compromised Apple's developer toolchain by distributing a modified Xcode IDE. Years later, the attack remains a textbook example of build-tool supply chain compromise.

Nov 15, 20216 min read
Supply Chain Security (Page 5) — Supply Chain Security Blog | Safeguard