software-supply-chain-security
Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
494 articles
What is a Trust Store
Trust stores decide which signatures your systems believe. Here's how they work, why they matter for supply chain security, and how to audit them.
What is Credential Rotation
Credential rotation limits how long a leaked API key, password, or token stays valid. Here's how it works, how often to do it, and why automation matters.
What is a CI/CD Pipeline
A CI/CD pipeline automates code from commit to deployment—but SolarWinds, Codecov, and CircleCI show it's also a top supply-chain attack target.
State of Agentic AI Adoption Report Overview
Safeguard's State of Agentic AI Adoption Report finds 71% of enterprises now run agents with production access, outpacing identity, SBOM, and reachability controls.
Executive Guide to Operationalizing AI Governance
A 2026 look at why AI governance policies keep failing in practice—and the five-pillar operating model executives are using to fix it.
What is Software Supply Chain Risk Scoring
CVSS alone can't tell you what to fix first. Here's how supply chain risk scoring blends exploitability, reachability, and provenance into one actionable number.
What is a Malicious Commit / Compromised Maintainer Account
When an attacker steals a maintainer's credentials, every user of that package inherits the compromise. Here's how it happens and how to catch it.
Best practices for rotating secrets stored in Azure Key V...
A practical, step-by-step guide to Azure Key Vault secret rotation best practices, covering rotation policies, automation, and expiration alerts.
lodash prototype pollution via zipObjectDeep (CVE-2020-8203)
CVE-2020-8203 lets attackers pollute Object.prototype via lodash's zipObjectDeep. Learn affected versions, CVSS/EPSS context, and remediation steps.
node-forge prototype pollution/signature verification issue (CVE-2020-7712)
node-forge's RSA signature verification (CVE-2022-24771/24772) and prototype pollution (CVE-2020-7720) let attackers forge trust decisions across X.509, PKCS#7, and PKCS#12 flows.
Securing the payment gateway software supply chain
A single compromised script or dependency can silently harvest card data at checkout. Here's what payment gateway supply chain security actually requires in 2026.
Software supply chain risk in cryptocurrency exchange and...
How compromised wallet SDKs, smart contract dependencies, and stale third-party audits are driving nine-figure crypto exchange breaches like Bybit and Ledger.