Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

495 articles

Compliance

The 2026 SBOM compliance guide: where a software bill of materials is now required

SBOM requirements have spread from a single US executive order to regulations across sectors and continents. Here's a framework-by-framework map of where you need one in 2026.

Jul 8, 20265 min read
Compliance

DORA compliance for financial services: the software supply chain angle

The Digital Operational Resilience Act is now in force across EU financial services. Here's how its five pillars reach into your software supply chain and ICT third parties.

Jul 8, 20265 min read
Compliance

ISO 27001 application security: the Annex A controls that govern your code

ISO/IEC 27001:2022 added and sharpened Annex A controls for secure development and technical vulnerabilities. Here's how they apply to application and supply chain security.

Jul 7, 20265 min read
Threat Research

Repojacking Explained: Hijacking Abandoned Repository Names

Repojacking lets an attacker claim a renamed or deleted GitHub namespace and serve malicious code to everyone still referencing the old path. Here is how it works.

Jul 7, 20266 min read
FAQ

Comparing Supply Chain Security Platforms (2026): An Honest FAQ

A vendor-neutral 2026 FAQ on comparing software supply chain security platforms — the dimensions that matter, how the major players differ, and how to run a fair bake-off.

Jul 6, 20266 min read
Software Supply Chain Security

npm typosquatting attacks

npm typosquatting turns a single mistyped `npm install` into a live compromise. Real incidents, attack patterns, and defenses that actually catch it.

Jul 6, 20267 min read
Compliance

SOC 2 and software supply chain security: mapping the Trust Services Criteria

SOC 2 never says the words 'software bill of materials,' but auditors increasingly expect supply-chain evidence. Here's how the Trust Services Criteria map to your dependencies.

Jul 6, 20265 min read
Threat Research

Transitive Dependency Risk Explained: The Code You Never Chose

Transitive dependencies are the packages your dependencies pull in, and they make up most of your codebase. Here is why they are risky and how to manage them.

Jul 6, 20266 min read
Concepts

What Is a Security Advisory

A security advisory is an official notice that a product has a security flaw, plus how to fix it. Here is what advisories contain, who issues them, and how to act on one.

Jul 6, 20266 min read
Compliance

ISO 27001 vs SOC 2: Which Certification Matters More

ISO 27001 and SOC 2 answer different questions. Here's how to read both when vetting supply chain security vendors like Snyk and Safeguard.

Jul 6, 20269 min read
Software Supply Chain Security

The SolarWinds Orion supply chain attack explained

How SUNBURST hid inside a signed SolarWinds Orion update, hit 18,000 organizations, and reshaped supply chain security.

Jul 6, 20267 min read
Buyer's Guides

Snyk vs Wiz: Which Platform Fits Your AppSec Needs

Snyk scans code and dependencies, Wiz scans cloud posture — but neither verifies build provenance. Here's where Safeguard fits in the AppSec stack.

Jul 6, 20267 min read
software-supply-chain-security — Safeguard Blog