Safeguard
Tag

dependency-security

Safeguard articles tagged "dependency-security" — guides, analysis, and best practices for software supply chain and application security.

51 articles

Software Supply Chain Security

Package Firewall: Blocking Malicious Dependencies at Inst...

Malicious npm and PyPI packages are published daily. See why a package firewall that blocks at install time stops attacks that post-hoc scanners catch too late.

May 17, 20268 min read
Buyer's Guides

npm audit isn't enough: what it misses

npm audit catches known CVEs and stops there. It misses malicious packages, install scripts, and typosquats -- the threats actually landing in npm today.

May 13, 20268 min read
Product

CI/CD pipeline dependency security integration coverage

How does Safeguard's pipeline-native dependency security compare to Socket.dev's PR-comment model? A concrete look at coverage, enforcement, and deployment options.

May 13, 20267 min read
Open Source Security

Securing mobile app dependencies: CocoaPods and Gradle

CocoaPods and Gradle power millions of mobile apps. See how orphaned pods, build-script RCE, and dependency confusion put them at real risk today.

Apr 29, 20267 min read
Application Security

Electron app security best practices

nodeIntegration, contextIsolation, Chromium patch lag, and npm supply chain risk: the Electron security best practices that actually stop RCE.

Apr 28, 20267 min read
Application Security

Building a secure GraphQL API with Node.js

A practical guide to securing Node.js GraphQL APIs: query complexity limits, field-level authorization, injection-safe resolvers, and CSRF hardening.

Apr 27, 20267 min read
Application Security

10 serverless security best practices

10 concrete, numbers-backed serverless security practices covering IAM least privilege, dependency SBOMs, event injection, and secrets management.

Apr 27, 20266 min read
Software Supply Chain Security

NPM package vulnerabilities: risks and detection

NPM's open, high-velocity ecosystem makes it a top target for supply chain attacks. Here's how vulnerabilities slip past scanners like Trivy undetected.

Apr 25, 20266 min read
Cloud Security

Repojacking

Aqua Security found nearly 37,000 GitHub repos vulnerable to repojacking, including Google and Lyft. Here's how the attack works and how Safeguard catches it.

Apr 13, 20267 min read
Software Supply Chain Security

What is a Software Supply Chain Attack

A software supply chain attack compromises trusted dependencies or build systems to spread malicious code downstream — here's how it works, and how to stop it.

Apr 4, 20267 min read
Open Source Security

Known Vulnerabilities in Dependencies

Known vulnerabilities in dependencies cause most supply-chain breaches, not because they're undetected but because teams can't tell which ones are reachable.

Apr 1, 20267 min read
Best Practices

Best SCA Tools for Enterprise: 2026 Comparison

A fact-based 2026 review of the best Software Composition Analysis tools for enterprise teams, covering depth, reachability, remediation, and compliance.

Mar 12, 20268 min read
dependency-security (Page 2) — Safeguard Blog