Safeguard
Tag

slsa

Safeguard articles tagged "slsa" — guides, analysis, and best practices for software supply chain and application security.

77 articles

DevSecOps

CI/CD Supply Chain Attacks Explained: Anatomy and Defense

From SolarWinds to tj-actions, CI/CD pipelines are where one foothold reaches thousands of victims. This guide explains the anatomy of a pipeline supply chain attack and the layered defenses that stop it.

Jul 7, 20267 min read
Container Security

Kubernetes Supply Chain Security: Trusting What You Deploy

The path from a git commit to a running pod crosses a dozen systems, each a place to inject malicious code. Here is how to build a chain of custody Kubernetes will actually verify.

Jul 7, 20265 min read
Supply Chain Attacks

Malicious code in scoped npm packages: what the Miasma attack teaches

32 releases under the trusted @redhat-cloud-services npm scope shipped credential-stealing malware in June 2026 — with valid SLSA provenance attached.

Jul 7, 20267 min read
Threat Research

Artifact Tampering and Integrity: Trusting What You Actually Ship

Artifact tampering alters a build output after it leaves source control, so what you deploy differs from what you reviewed. Here is how it works and how to verify integrity.

Jul 5, 20266 min read
Concepts

What Is Software Provenance?

Software provenance is the verifiable record of where an artifact came from and how it was built. Here's what a provenance record contains, how it is proven, and why it stops build-time tampering.

Jul 3, 20266 min read
FAQ

Software Supply Chain Security FAQ: 2026 Answers

Plain answers to the most common questions about software supply chain security in 2026 — what it covers, why SBOMs matter, how SLSA and provenance fit, and where to start.

Jul 1, 20266 min read
Solutions

Software Supply Chain Security for Platform Engineers

Platform engineers turn security from a request into a default. Here is how to build supply chain guardrails into the paved road so the secure path is also the fast one.

Jul 1, 20266 min read
Concepts

What Is SLSA? Supply-chain Levels for Software Artifacts Explained

SLSA is an open framework of graded security levels for build integrity, letting teams prove how a software artifact was produced. Here's how the Build track levels work and how to reach them.

Jul 1, 20266 min read
Container Security

Signing and verifying container images with Sigstore/cosign

How cosign and Sigstore replace long-lived signing keys with short-lived, identity-based certificates and a public transparency log for containers.

Jun 23, 20267 min read
SBOM

What Is SLSA (Supply-chain Levels for Software Artifacts)

SLSA verifies how software was built, not just what is inside it. Here is what the four build levels mean and how it differs from SBOM-only tooling.

Jun 2, 20268 min read
Industry Analysis

Open source security audits: what they cover

What an open source security audit actually covers versus routine SCA scanning, the frameworks that define it, real costs and timelines, and how Aikido Security's approach compares.

Apr 30, 20268 min read
Software Supply Chain Security

Container Image Supply Chain Security Deep Dive 2026

A senior-engineer deep dive into 2026 container image supply chain security: base image risk, provenance, signing, attestation chains, and what actually moves the needle.

Apr 22, 20266 min read
slsa (Page 2) — Safeguard Blog