Safeguard
Tag

open-source

Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.

138 articles

Vendor Comparison

Socket.dev vs Phylum: which supply chain risk scanner fits your stack in 2026

How Socket.dev and Phylum compare on behavioral detection, ecosystem coverage, scoring transparency, and the developer ergonomics that decide adoption.

May 12, 20267 min read
Open Source Security

Node.js Supply Chain Defence Program 2026

A practical 2026 blueprint for hardening Node.js supply chains across npm, lockfiles, scripts, and runtime — and where Safeguard plugs into the program.

Apr 12, 20267 min read
Best Practices

Open Source vs Commercial Security Scanners 2026

When to use Trivy, Grype, and OSV-Scanner versus commercial scanners in 2026: honest tradeoffs, integration realities, and decision criteria.

Apr 9, 20268 min read
Open Source Security

Python Monorepo Supply Chain Controls 2026

How to design supply chain controls for a Python monorepo in 2026 — from PyPI quarantine to wheel provenance — with Safeguard as the policy backbone.

Apr 8, 20267 min read
Open Source Security

Java/Spring Supply Chain Defence Blueprint 2026

A 2026 blueprint for hardening Java and Spring supply chains across Maven, Gradle, fat JARs, and runtime — with Safeguard as the policy and evidence layer.

Apr 4, 20267 min read
Open Source Security

Go Modules Supply Chain Program Blueprint 2026

A 2026 blueprint for Go modules supply chain security — from proxy and checksum database to vendoring and binary provenance — anchored by Safeguard.

Mar 30, 20267 min read
SBOM

How to generate an SBOM with free open source tools

Free tools like Syft and Trivy can generate an SBOM in minutes. Here's exactly how, where open source tooling stops scaling, and how Safeguard fills the gap.

Mar 29, 20267 min read
SBOM

Tern SBOM Generation Walkthrough for 2026

A walkthrough of generating SBOMs with Tern in 2026, covering layer-by-layer inspection, CycloneDX output, and practical comparison with Syft.

Mar 28, 20266 min read
Industry Analysis

State of Open Source Funding and Security 2026

How open source funding flows connect to security outcomes in 2026: maintainer capacity, critical project support, and the patterns that reduce risk.

Mar 26, 20269 min read
Open Source Security

Rust Cargo Supply Chain Defence Program

A 2026 defence program for Rust and Cargo — covering crates.io, build scripts, proc-macros, and binary provenance — anchored by Safeguard policy gates.

Mar 25, 20267 min read
Open Source Security

Open Source Vulnerability Database Comparison 2026

Comparing the major open source vulnerability databases in 2026: NVD, OSV, GHSA, GitLab Advisory, and ecosystem-specific feeds measured on coverage and freshness.

Mar 22, 20265 min read
Open Source Security

Open Source Funding Crisis: What It Means for Your Tree

Critical infrastructure depends on unpaid maintainers, and burnout creates openings attackers exploit. xz-utils was the warning shot, not the exception.

Mar 21, 20267 min read
open-source (Page 3) — Safeguard Blog