Safeguard
Tag

open-source

Safeguard articles tagged "open-source" — guides, analysis, and best practices for software supply chain and application security.

138 articles

Open Source Security

.NET / NuGet Enterprise Supply Chain Program

An enterprise-grade .NET and NuGet supply chain program for 2026 — covering feeds, lockfiles, MSBuild targets, and runtime — backed by Safeguard.

Mar 20, 20267 min read
Open Source Security

Ruby / Bundler Supply Chain Program 2026

A 2026 supply chain program for Ruby and Bundler — covering RubyGems, Gemfile.lock, native extensions, and Rails — anchored by Safeguard policy gates.

Mar 15, 20267 min read
Open Source Security

PHP / Composer Supply Chain Defence 2026

A 2026 supply chain defence for PHP and Composer — covering Packagist, composer.lock, autoload manipulation, and Laravel — backed by Safeguard.

Mar 10, 20267 min read
Open Source Security

PyPI 2FA Lessons Two Years In

PyPI mandated 2FA for all maintainers in 2024. Two years in, account takeovers dropped — but attackers shifted to OIDC tokens, abandoned packages, and maintainer devices.

Mar 6, 20267 min read
Open Source Security

Swift And CocoaPods Supply Chain Program

A 2026 supply chain program for Swift apps — covering SPM, CocoaPods, XCFrameworks, and notarisation — anchored by Safeguard policy and SBOM evidence.

Mar 5, 20267 min read
Software Supply Chain Security

Fintech Software Supply Chain Realities in 2026

Fintechs ship fast and run on a thick layer of open source. Here is what the 2026 supply chain threat landscape looks like for a modern payments or lending platform, and the controls that actually scale.

Mar 4, 20266 min read
Supply Chain Attacks

npm Protestware Patterns From 2020 to 2026

A senior engineer's view of six years of npm protestware, from colors.js to peacenotwar, and the supply chain lessons that still apply to modern JavaScript shops.

Mar 3, 20267 min read
Best Practices

How to Audit Open Source Licenses for Compliance

A senior engineer's playbook for auditing open source licenses across modern polyglot repos, from SPDX extraction to enforcement in CI and legal reporting.

Mar 2, 20268 min read
Product

Safeguard Open Source Manager: A Deep Dive Into Dependency Governance

An inside look at Safeguard's Open Source Manager — how it tracks, evaluates, and enforces policies across every open-source dependency in your portfolio.

Mar 2, 20267 min read
Open Source Security

The OSV Vulnerability Database API Cookbook

Practical patterns for using the OSV.dev API in production: batch queries, schema gotchas, version range parsing, and how to integrate OSV data into your own vulnerability pipelines.

Mar 2, 20265 min read
Incident Analysis

XZ Utils Backdoor: One Year Retrospective

A year after the XZ Utils backdoor was caught by Andres Freund at Microsoft, what did we fix, what did we ignore, and what still gets packaged into Linux distros?

Mar 1, 20267 min read
Open Source Security

Polyglot Monorepo: Unified Supply Chain Program

A 2026 unified supply chain program for polyglot monorepos — bringing Node, Python, Go, Java, and more under one set of policies — anchored by Safeguard.

Feb 28, 20267 min read
open-source (Page 4) — Safeguard Blog