Safeguard
Tag

build-security

Safeguard articles tagged "build-security" — guides, analysis, and best practices for software supply chain and application security.

31 articles

Software Supply Chain Security

Maven Plugin Verification: Securing Your Java Build Pipeline

Maven plugins execute during your build with full JVM access. Here is how to verify they are legitimate and have not been tampered with.

May 8, 20244 min read
Open Source Security

Maven Enforcer Plugin Security Rules

Maven Enforcer is a blunt instrument most teams underuse. Here is how to turn it into a supply chain guardrail that blocks bad versions, bad repositories, and bad dependency graphs before they ship.

Mar 25, 20247 min read
DevSecOps

Earthly Reproducible Builds and Security

How Earthly's reproducible, containerized build system eliminates environment drift and strengthens build integrity for security-conscious teams.

Feb 28, 20246 min read
Software Supply Chain Security

Gradle Plugin Security Risks: The Code That Runs Before Your Code

Gradle plugins execute during your build with full access to your environment. Most teams never audit them. Here is why that is dangerous.

Jan 8, 20244 min read
Software Supply Chain Security

Post-Install Hooks Across Package Managers: A Comparative Security Analysis

Every package ecosystem handles install-time code execution differently. Some are permissive, some restrictive, and the differences matter for supply chain security.

Dec 10, 20235 min read
Software Supply Chain Security

Build System Poisoning Techniques: How Attackers Corrupt Your Pipeline

Build systems transform source code into deployable artifacts. When attackers poison the build, every artifact is compromised. Here is how it happens.

Sep 8, 20234 min read
DevSecOps

Runtime SBOM vs. Build-Time SBOM: Which Do You Actually Need?

Build-time SBOMs capture what goes into your software; runtime SBOMs capture what actually runs. Understanding the difference is critical for accurate vulnerability management.

Aug 25, 20235 min read
Network Security

WireGuard for Development Infrastructure: Fast, Simple, and Secure Tunneling

WireGuard's simplicity and performance make it well-suited for securing development infrastructure. Here is how to deploy it for build servers, artifact repositories, and developer access.

Jun 5, 20235 min read
DevSecOps

SLSA v1.0: Supply-chain Levels for Software Artifacts Reaches Maturity

SLSA v1.0 simplifies the framework and makes it practical to adopt. Here's what changed and how to implement it.

May 1, 20236 min read
DevSecOps

Software Attestation in Practice: From Theory to Implementation

Software attestation is moving from academic concept to practical requirement. Here's how to implement it in your build pipelines today.

Apr 8, 20236 min read
DevSecOps

3CX Attack Lessons: What Every Software Vendor Must Do Differently

The 3CX supply chain attack exposed critical gaps in how software vendors protect their build pipelines. Here are the concrete lessons.

Apr 2, 20237 min read
Software Supply Chain Security

Maven Dependency Resolution Attacks: Exploiting Java's Build System

Maven's dependency resolution mechanism can be exploited through repository poisoning, dependency confusion, and POM manipulation. Here is what Java teams need to know.

Mar 5, 20235 min read
build-security (Page 2) — Safeguard Blog