Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

494 articles

Tools

Best SBOM Generators Ranked by Accuracy 2026

Syft, Trivy, cdxgen, and Microsoft sbom-tool measured against known dependency ground truth across four ecosystems. The accuracy spread is wider than you think.

Feb 9, 20266 min read
Open Source Security

What is Open Source Software

Open source software now sits in 96% of codebases. Here's what OSS actually is, how licensing works, and where the real security risk hides.

Feb 9, 20268 min read
Open Source Security

What is npm Security

A concrete look at npm security: real 2025 supply chain attacks on chalk and debug, the Shai-Hulud worm, and how teams actually defend the npm dependency tree.

Feb 8, 20268 min read
DevSecOps

What is a Monorepo

A monorepo houses many projects in one repository. Learn how Google, Meta, and Microsoft use them, and the blast-radius risks security teams must manage.

Feb 7, 20266 min read
Tools

Best Kubernetes Admission Controllers for Supply Chain Security

Kyverno, OPA Gatekeeper, Sigstore policy-controller, Ratify, or plain CEL? A field guide to admission controllers that actually block unsigned and vulnerable images.

Feb 7, 20266 min read
Best Practices

What is Threat Detection

Threat detection means spotting active attacks before they succeed. See real dwell-time data, CVE examples, and detection metrics that matter.

Feb 7, 20266 min read
Application Security

What is Secure by Design

Secure by Design turns CISA's 2023 guidance and pledge into concrete practice: memory-safe code, no default passwords, and verifiable SBOMs over marketing claims.

Feb 6, 20267 min read
Application Security

What is Secure by Default

Secure by default means software ships in its safest state out of the box. See real breaches, standards, and pledges driving this shift.

Feb 6, 20266 min read
Software Supply Chain Security

Cargo.lock integrity and reproducible builds as a supply ...

Cargo.lock pins your dependency tree, but only reproducible builds prove the binary you ship matches the source you reviewed and approved.

Feb 5, 20268 min read
Software Supply Chain Security

Case study: crates.io maintainer account takeover and mal...

How a compromised maintainer credential becomes a crates.io account takeover and a malicious crate version in the Rust software supply chain.

Feb 4, 20269 min read
Open Source Security

What is Binary Composition Analysis

Binary composition analysis identifies open source components inside compiled artifacts—no source code needed. Here's how it works and why it matters.

Feb 4, 20267 min read
Software Supply Chain Security

Go module proxy security: how GOPROXY and sum.golang.org ...

How GOPROXY and sum.golang.org protect Go builds with caching and checksum verification, and where trust-on-first-use gaps let malicious modules slip through.

Feb 4, 20267 min read
software-supply-chain-security (Page 29) — Safeguard Blog