Security
Safeguard articles tagged "Security" — guides, analysis, and best practices for software supply chain and application security.
58 articles
Software Supply Chain Forensics: Investigation Techniques After a Compromise
When a supply chain compromise is confirmed or suspected, forensic investigation must trace the attack path through dependencies, build systems, and artifacts. This guide covers the methodology.
Generating SBOMs from Container Images: A Practical Guide
Container images are opaque by default. Here's how to crack them open with SBOMs to see exactly what's running in production.
Migrating Dependencies for Security: A Step-by-Step Guide
When a dependency becomes a security liability, migration is the only real fix. Here is a structured approach to dependency migration that minimizes risk and disruption.
Open Source Funding Models and Their Impact on Security
The way open source projects get funded directly shapes their security outcomes. From corporate sponsorship to bounty programs, each model creates different incentives and blind spots.
CycloneDX Specification Deep Dive: Beyond the Basics
CycloneDX is more than a component list. This deep dive covers services, vulnerabilities, compositions, and the parts of the spec most teams overlook.
Container Image Vulnerabilities: 2021 Year in Review
Container security matured significantly in 2021, but the vulnerability landscape in base images, registries, and runtime configurations remains concerning.
GitHub Actions Security: Hidden Supply Chain Risks
GitHub Actions workflows execute third-party code with access to your repository secrets. Most teams don't realize how much trust they're placing in action authors.
Regular Expression Denial of Service (ReDoS): When Patterns Attack
A single poorly written regex can take down your server. ReDoS is a subtle denial-of-service vulnerability hiding in dependencies you have never audited.
Open Source Security: State of the Union 2021
Open source powers the modern internet, but its security model is under strain. Here's the 2021 landscape of open source risk, from funding to maintainer burnout to malicious packages.
MessagePack Security Implications: Binary Serialization Risks
MessagePack is faster than JSON but shares some of JSON's security pitfalls while adding new ones. Here is what to watch for.