Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

494 articles

Best Practices

What is a Trust Store

Trust stores decide which signatures your systems believe. Here's how they work, why they matter for supply chain security, and how to audit them.

Jan 27, 20266 min read
Best Practices

What is Credential Rotation

Credential rotation limits how long a leaked API key, password, or token stays valid. Here's how it works, how often to do it, and why automation matters.

Jan 26, 20266 min read
DevSecOps

What is a CI/CD Pipeline

A CI/CD pipeline automates code from commit to deployment—but SolarWinds, Codecov, and CircleCI show it's also a top supply-chain attack target.

Jan 25, 20266 min read
Industry Analysis

State of Agentic AI Adoption Report Overview

Safeguard's State of Agentic AI Adoption Report finds 71% of enterprises now run agents with production access, outpacing identity, SBOM, and reachability controls.

Jan 23, 20267 min read
Industry Analysis

Executive Guide to Operationalizing AI Governance

A 2026 look at why AI governance policies keep failing in practice—and the five-pillar operating model executives are using to fix it.

Jan 22, 20267 min read
Software Supply Chain Security

What is Software Supply Chain Risk Scoring

CVSS alone can't tell you what to fix first. Here's how supply chain risk scoring blends exploitability, reachability, and provenance into one actionable number.

Jan 20, 20267 min read
Software Supply Chain Security

What is a Malicious Commit / Compromised Maintainer Account

When an attacker steals a maintainer's credentials, every user of that package inherits the compromise. Here's how it happens and how to catch it.

Jan 19, 20267 min read
Cloud Security

Best practices for rotating secrets stored in Azure Key V...

A practical, step-by-step guide to Azure Key Vault secret rotation best practices, covering rotation policies, automation, and expiration alerts.

Jan 17, 20269 min read
Vulnerability Analysis

lodash prototype pollution via zipObjectDeep (CVE-2020-8203)

CVE-2020-8203 lets attackers pollute Object.prototype via lodash's zipObjectDeep. Learn affected versions, CVSS/EPSS context, and remediation steps.

Jan 12, 20267 min read
Vulnerability Analysis

node-forge prototype pollution/signature verification issue (CVE-2020-7712)

node-forge's RSA signature verification (CVE-2022-24771/24772) and prototype pollution (CVE-2020-7720) let attackers forge trust decisions across X.509, PKCS#7, and PKCS#12 flows.

Jan 6, 20267 min read
Software Supply Chain Security

Securing the payment gateway software supply chain

A single compromised script or dependency can silently harvest card data at checkout. Here's what payment gateway supply chain security actually requires in 2026.

Jan 4, 20267 min read
Software Supply Chain Security

Software supply chain risk in cryptocurrency exchange and...

How compromised wallet SDKs, smart contract dependencies, and stale third-party audits are driving nine-figure crypto exchange breaches like Bybit and Ledger.

Jan 3, 20267 min read
software-supply-chain-security (Page 31) — Safeguard Blog