plugins
Safeguard articles tagged "plugins" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Jenkins Supply Chain Security Baseline 2026
A 2026 supply chain security baseline for Jenkins: plugin hygiene, agent isolation, Pipeline-as-Code discipline, credentials, and provenance integration.
JetBrains Plugin Security in 2026
JetBrains IDEs have a smaller plugin ecosystem than VS Code, but the security model is similar and the risks rhyme. Here is what to watch in 2026.
Fastify Security Posture in 2024
Fastify hit version 5.0 in September 2024 with a slimmer core, a plugin model that encourages correctness, and a security track record that genuinely distinguishes it from the Express crowd. Here is what I have learned auditing Fastify apps this year.
Gradle Plugin Security Risks: The Code That Runs Before Your Code
Gradle plugins execute during your build with full access to your environment. Most teams never audit them. Here is why that is dangerous.
ChatGPT Plugins and the New Plugin Supply Chain Attack Surface
AI plugins connect LLMs to external services, creating a supply chain of trust that most users never examine. The risks are significant.