Safeguard
Tag

Security

Safeguard articles tagged "Security" — guides, analysis, and best practices for software supply chain and application security.

58 articles

Software Supply Chain Security

Software Supply Chain Forensics: Investigation Techniques After a Compromise

When a supply chain compromise is confirmed or suspected, forensic investigation must trace the attack path through dependencies, build systems, and artifacts. This guide covers the methodology.

Nov 12, 20227 min read
SBOM

Generating SBOMs from Container Images: A Practical Guide

Container images are opaque by default. Here's how to crack them open with SBOMs to see exactly what's running in production.

Oct 8, 20227 min read
Dependency Management

Migrating Dependencies for Security: A Step-by-Step Guide

When a dependency becomes a security liability, migration is the only real fix. Here is a structured approach to dependency migration that minimizes risk and disruption.

Sep 28, 20226 min read
Open Source Security

Open Source Funding Models and Their Impact on Security

The way open source projects get funded directly shapes their security outcomes. From corporate sponsorship to bounty programs, each model creates different incentives and blind spots.

May 22, 20227 min read
SBOM

CycloneDX Specification Deep Dive: Beyond the Basics

CycloneDX is more than a component list. This deep dive covers services, vulnerabilities, compositions, and the parts of the spec most teams overlook.

May 12, 20226 min read
Container Security

Container Image Vulnerabilities: 2021 Year in Review

Container security matured significantly in 2021, but the vulnerability landscape in base images, registries, and runtime configurations remains concerning.

Dec 22, 20216 min read
DevSecOps

GitHub Actions Security: Hidden Supply Chain Risks

GitHub Actions workflows execute third-party code with access to your repository secrets. Most teams don't realize how much trust they're placing in action authors.

Sep 25, 20215 min read
Application Security

Regular Expression Denial of Service (ReDoS): When Patterns Attack

A single poorly written regex can take down your server. ReDoS is a subtle denial-of-service vulnerability hiding in dependencies you have never audited.

Aug 20, 20214 min read
Open Source Security

Open Source Security: State of the Union 2021

Open source powers the modern internet, but its security model is under strain. Here's the 2021 landscape of open source risk, from funding to maintainer burnout to malicious packages.

Aug 1, 20216 min read
Application Security

MessagePack Security Implications: Binary Serialization Risks

MessagePack is faster than JSON but shares some of JSON's security pitfalls while adding new ones. Here is what to watch for.

Jun 25, 20215 min read
Security (Page 5) — Safeguard Blog