software-supply-chain-security
Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
495 articles
The 2026 SBOM compliance guide: where a software bill of materials is now required
SBOM requirements have spread from a single US executive order to regulations across sectors and continents. Here's a framework-by-framework map of where you need one in 2026.
DORA compliance for financial services: the software supply chain angle
The Digital Operational Resilience Act is now in force across EU financial services. Here's how its five pillars reach into your software supply chain and ICT third parties.
ISO 27001 application security: the Annex A controls that govern your code
ISO/IEC 27001:2022 added and sharpened Annex A controls for secure development and technical vulnerabilities. Here's how they apply to application and supply chain security.
Repojacking Explained: Hijacking Abandoned Repository Names
Repojacking lets an attacker claim a renamed or deleted GitHub namespace and serve malicious code to everyone still referencing the old path. Here is how it works.
Comparing Supply Chain Security Platforms (2026): An Honest FAQ
A vendor-neutral 2026 FAQ on comparing software supply chain security platforms — the dimensions that matter, how the major players differ, and how to run a fair bake-off.
npm typosquatting attacks
npm typosquatting turns a single mistyped `npm install` into a live compromise. Real incidents, attack patterns, and defenses that actually catch it.
SOC 2 and software supply chain security: mapping the Trust Services Criteria
SOC 2 never says the words 'software bill of materials,' but auditors increasingly expect supply-chain evidence. Here's how the Trust Services Criteria map to your dependencies.
Transitive Dependency Risk Explained: The Code You Never Chose
Transitive dependencies are the packages your dependencies pull in, and they make up most of your codebase. Here is why they are risky and how to manage them.
What Is a Security Advisory
A security advisory is an official notice that a product has a security flaw, plus how to fix it. Here is what advisories contain, who issues them, and how to act on one.
ISO 27001 vs SOC 2: Which Certification Matters More
ISO 27001 and SOC 2 answer different questions. Here's how to read both when vetting supply chain security vendors like Snyk and Safeguard.
The SolarWinds Orion supply chain attack explained
How SUNBURST hid inside a signed SolarWinds Orion update, hit 18,000 organizations, and reshaped supply chain security.
Snyk vs Wiz: Which Platform Fits Your AppSec Needs
Snyk scans code and dependencies, Wiz scans cloud posture — but neither verifies build provenance. Here's where Safeguard fits in the AppSec stack.