Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

494 articles

Software Supply Chain Security

The Codecov Bash uploader breach

How a Docker image flaw let attackers tamper with Codecov's Bash Uploader for 65 days, exfiltrating CI secrets from HashiCorp, Twilio, and more.

Jul 6, 20267 min read
Software Supply Chain Security

3CX DesktopApp supply chain compromise

How North Korea-linked hackers turned a signed, trusted 3CX VoIP installer into malware — and the double supply chain attack that made it possible.

Jul 6, 20266 min read
Buyer's Guides

Snyk vs Aikido Security Comparison

Comparing Snyk and Aikido as code scanners misses the bigger question: can you prove what actually shipped? Here's where Safeguard's supply chain security fits.

Jul 6, 20267 min read
Threat Research

Artifact Tampering and Integrity: Trusting What You Actually Ship

Artifact tampering alters a build output after it leaves source control, so what you deploy differs from what you reviewed. Here is how it works and how to verify integrity.

Jul 5, 20266 min read
Compliance

The NIST Secure Software Development Framework (SSDF), explained

NIST SP 800-218 is the framework behind federal secure-development attestations. Here's what its four practice groups ask of you and how to produce the evidence.

Jul 5, 20265 min read
Software Supply Chain Security

The XZ Utils backdoor CVE-2024-3094 explained

CVE-2024-3094 hid a remote-access backdoor inside xz-utils via a years-long social engineering campaign. Here's the timeline, impact, and fix.

Jul 5, 20267 min read
Buyer's Guides

Snyk vs SonarQube for SAST

Snyk Code and SonarQube both do SAST, but neither started as a supply chain security platform. Here's how their approaches differ, and where Safeguard fits.

Jul 5, 20268 min read
Software Supply Chain Security

event-stream npm package backdoor incident

How a routine maintainer handoff let attackers slip a Bitcoin-stealing backdoor into event-stream, hitting millions of npm installs for ten weeks.

Jul 5, 20267 min read
Software Supply Chain Security

ua-parser-js npm hijack incident

In 2021, a hijacked npm account pushed cryptomining and password-stealing malware into ua-parser-js for 4 hours. Here's what happened and how to catch it faster.

Jul 5, 20266 min read
Buyer's Guides

Snyk Pricing: Is It Worth the Cost

Snyk's tiered, per-seat pricing looks simple until you scale. A buyer's-guide breakdown of what drives Snyk's total cost, and how Safeguard approaches supply chain security pricing differently.

Jul 5, 20267 min read
Software Supply Chain Security

colors.js and faker.js protestware sabotage

In 2022, maintainer Marak Squires turned colors.js and faker.js into protestware, breaking 19,000+ npm projects and coining a new supply chain threat term.

Jul 5, 20266 min read
Application Security

What Is Application Security (AppSec) 101

AppSec used to mean scanning code for known bugs. Here's why that's no longer enough, what CVE-matching tools like Snyk miss, and what a real supply chain security program requires.

Jul 5, 20267 min read
software-supply-chain-security (Page 2) — Safeguard Blog