open-source
Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.
138 articles
Socket.dev vs Phylum: which supply chain risk scanner fits your stack in 2026
How Socket.dev and Phylum compare on behavioral detection, ecosystem coverage, scoring transparency, and the developer ergonomics that decide adoption.
Node.js Supply Chain Defence Program 2026
A practical 2026 blueprint for hardening Node.js supply chains across npm, lockfiles, scripts, and runtime — and where Safeguard plugs into the program.
Open Source vs Commercial Security Scanners 2026
When to use Trivy, Grype, and OSV-Scanner versus commercial scanners in 2026: honest tradeoffs, integration realities, and decision criteria.
Python Monorepo Supply Chain Controls 2026
How to design supply chain controls for a Python monorepo in 2026 — from PyPI quarantine to wheel provenance — with Safeguard as the policy backbone.
Java/Spring Supply Chain Defence Blueprint 2026
A 2026 blueprint for hardening Java and Spring supply chains across Maven, Gradle, fat JARs, and runtime — with Safeguard as the policy and evidence layer.
Go Modules Supply Chain Program Blueprint 2026
A 2026 blueprint for Go modules supply chain security — from proxy and checksum database to vendoring and binary provenance — anchored by Safeguard.
How to generate an SBOM with free open source tools
Free tools like Syft and Trivy can generate an SBOM in minutes. Here's exactly how, where open source tooling stops scaling, and how Safeguard fills the gap.
Tern SBOM Generation Walkthrough for 2026
A walkthrough of generating SBOMs with Tern in 2026, covering layer-by-layer inspection, CycloneDX output, and practical comparison with Syft.
State of Open Source Funding and Security 2026
How open source funding flows connect to security outcomes in 2026: maintainer capacity, critical project support, and the patterns that reduce risk.
Rust Cargo Supply Chain Defence Program
A 2026 defence program for Rust and Cargo — covering crates.io, build scripts, proc-macros, and binary provenance — anchored by Safeguard policy gates.
Open Source Vulnerability Database Comparison 2026
Comparing the major open source vulnerability databases in 2026: NVD, OSV, GHSA, GitLab Advisory, and ecosystem-specific feeds measured on coverage and freshness.
Open Source Funding Crisis: What It Means for Your Tree
Critical infrastructure depends on unpaid maintainers, and burnout creates openings attackers exploit. xz-utils was the warning shot, not the exception.