software-supply-chain-security
Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
494 articles
Snyk vs Aikido Comparison
Snyk vs Aikido compared on pricing, vulnerability database size, alert noise, CI/CD setup, and enterprise fit — with concrete numbers.
How to configure GitHub branch protection rules
A practical guide to configuring GitHub branch protection rules — required reviews, status checks, and security settings that keep your main branch safe.
What is TLS/SSL
TLS/SSL encrypts data in transit, but outdated versions and unpatched libraries like Heartbleed-era OpenSSL still expose real risk today.
How to set up signed commits with GPG
A step-by-step guide to set up GPG signed commits in Git: generate a key, configure Git, publish it to GitHub, verify signatures, and fix common errors.
How to implement software supply chain security with SLSA
A step-by-step guide to implement SLSA supply chain security: map risk, generate signed provenance, and enforce verification before deploy.
What is SOAR
SOAR explained: what Security Orchestration, Automation, and Response actually does, how it differs from SIEM, and where it fits in supply chain security.
What is an Intrusion Detection System (IDS)
An IDS detects malicious network or host activity after it happens. Learn what an IDS is, how it differs from an IPS, and why supply chain attacks need more.
What is an Intrusion Prevention System (IPS)
An IPS blocks malicious traffic inline in real time, but it can't stop supply chain attacks hidden inside trusted code and dependencies.
What is a Honeypot
A honeypot is a decoy system or credential built to lure attackers so defenders can detect, delay, and study intrusions before real assets are touched.
npm Provenance Statements: What They Prove and What They Don't
npm provenance ties a package to the commit and CI run that built it. That's genuinely useful — and narrower than most teams assume. Here's the exact boundary.
How to set up a vulnerability management program
A step-by-step guide to setting up a vulnerability management program: scanning schedules, risk-based triage, patch management, and metrics that hold up in an audit.
The Shai-Hulud npm Supply Chain Attack Explained
How the Shai-Hulud worm turned compromised npm maintainer tokens into a self-replicating supply chain attack, and how to detect and remediate it.