Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

494 articles

Tools

Snyk vs Aikido Comparison

Snyk vs Aikido compared on pricing, vulnerability database size, alert noise, CI/CD setup, and enterprise fit — with concrete numbers.

Feb 20, 20267 min read
Software Supply Chain Security

How to configure GitHub branch protection rules

A practical guide to configuring GitHub branch protection rules — required reviews, status checks, and security settings that keep your main branch safe.

Feb 18, 20268 min read
Best Practices

What is TLS/SSL

TLS/SSL encrypts data in transit, but outdated versions and unpatched libraries like Heartbleed-era OpenSSL still expose real risk today.

Feb 17, 20266 min read
Software Supply Chain Security

How to set up signed commits with GPG

A step-by-step guide to set up GPG signed commits in Git: generate a key, configure Git, publish it to GitHub, verify signatures, and fix common errors.

Feb 17, 20267 min read
Software Supply Chain Security

How to implement software supply chain security with SLSA

A step-by-step guide to implement SLSA supply chain security: map risk, generate signed provenance, and enforce verification before deploy.

Feb 17, 20268 min read
Best Practices

What is SOAR

SOAR explained: what Security Orchestration, Automation, and Response actually does, how it differs from SIEM, and where it fits in supply chain security.

Feb 16, 20267 min read
Best Practices

What is an Intrusion Detection System (IDS)

An IDS detects malicious network or host activity after it happens. Learn what an IDS is, how it differs from an IPS, and why supply chain attacks need more.

Feb 16, 20267 min read
Best Practices

What is an Intrusion Prevention System (IPS)

An IPS blocks malicious traffic inline in real time, but it can't stop supply chain attacks hidden inside trusted code and dependencies.

Feb 16, 20267 min read
Best Practices

What is a Honeypot

A honeypot is a decoy system or credential built to lure attackers so defenders can detect, delay, and study intrusions before real assets are touched.

Feb 13, 20267 min read
Engineering

npm Provenance Statements: What They Prove and What They Don't

npm provenance ties a package to the commit and CI run that built it. That's genuinely useful — and narrower than most teams assume. Here's the exact boundary.

Feb 11, 20266 min read
Vulnerability Management

How to set up a vulnerability management program

A step-by-step guide to setting up a vulnerability management program: scanning schedules, risk-based triage, patch management, and metrics that hold up in an audit.

Feb 11, 20268 min read
Vulnerability Analysis

The Shai-Hulud npm Supply Chain Attack Explained

How the Shai-Hulud worm turned compromised npm maintainer tokens into a self-replicating supply chain attack, and how to detect and remediate it.

Feb 11, 20268 min read
software-supply-chain-security (Page 28) — Safeguard Blog