software-supply-chain-security
Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
494 articles
Best SBOM Generators Ranked by Accuracy 2026
Syft, Trivy, cdxgen, and Microsoft sbom-tool measured against known dependency ground truth across four ecosystems. The accuracy spread is wider than you think.
What is Open Source Software
Open source software now sits in 96% of codebases. Here's what OSS actually is, how licensing works, and where the real security risk hides.
What is npm Security
A concrete look at npm security: real 2025 supply chain attacks on chalk and debug, the Shai-Hulud worm, and how teams actually defend the npm dependency tree.
What is a Monorepo
A monorepo houses many projects in one repository. Learn how Google, Meta, and Microsoft use them, and the blast-radius risks security teams must manage.
Best Kubernetes Admission Controllers for Supply Chain Security
Kyverno, OPA Gatekeeper, Sigstore policy-controller, Ratify, or plain CEL? A field guide to admission controllers that actually block unsigned and vulnerable images.
What is Threat Detection
Threat detection means spotting active attacks before they succeed. See real dwell-time data, CVE examples, and detection metrics that matter.
What is Secure by Design
Secure by Design turns CISA's 2023 guidance and pledge into concrete practice: memory-safe code, no default passwords, and verifiable SBOMs over marketing claims.
What is Secure by Default
Secure by default means software ships in its safest state out of the box. See real breaches, standards, and pledges driving this shift.
Cargo.lock integrity and reproducible builds as a supply ...
Cargo.lock pins your dependency tree, but only reproducible builds prove the binary you ship matches the source you reviewed and approved.
Case study: crates.io maintainer account takeover and mal...
How a compromised maintainer credential becomes a crates.io account takeover and a malicious crate version in the Rust software supply chain.
What is Binary Composition Analysis
Binary composition analysis identifies open source components inside compiled artifacts—no source code needed. Here's how it works and why it matters.
Go module proxy security: how GOPROXY and sum.golang.org ...
How GOPROXY and sum.golang.org protect Go builds with caching and checksum verification, and where trust-on-first-use gaps let malicious modules slip through.