Safeguard
Tag

software-supply-chain-security

Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

494 articles

Buyer's Guides

Best secrets detection tools for source code repositories

A practical, no-hype comparison of secrets detection tools for source code repos — evaluation criteria, five real vendors reviewed fairly, and how Safeguard fits in.

Nov 18, 20259 min read
Buyer's Guides

Best software supply chain attestation tools

A practical, no-hype comparison of software supply chain attestation tools — in-toto, Sigstore, GUAC, GitHub, JFrog, and Chainguard — plus how to pick the right fit.

Nov 18, 20257 min read
Buyer's Guides

Best open source software composition analysis (SCA) tools

A practical comparison of the best open source SCA tools — vulnerability coverage, license scanning, and CI/CD fit — with honest strengths and limitations for each.

Nov 17, 20258 min read
Open Source Security

NuGet typosquatting campaign report

Four disclosed NuGet typosquatting campaigns since 2024 reveal a shift toward patient, audience-specific attacks — from ICS time bombs to wallet-draining homoglyphs.

Nov 15, 20257 min read
Buyer's Guides

Best CVE tracking and monitoring tools

A field guide to CVE tracking tools -- from NVD and OSV.dev to Snyk, Tenable, and Qualys -- with honest pros, cons, and how Safeguard adds supply-chain context.

Nov 14, 20257 min read
Software Supply Chain Security

Best software supply chain security platforms

A practical buyer's guide comparing top software supply chain security platforms—SBOM, dependency scanning, and CI/CD attestation—so you can pick the right fit.

Nov 13, 20257 min read
Engineering

Homebrew Formula Security for Engineering Teams

Every brew install runs Ruby you didn't read on a laptop that holds your SSH keys and cloud credentials. How formulae, taps, casks and bottles actually differ in risk.

Nov 12, 20256 min read
Buyer's Guides

Best SBOM validation and diffing tools

A practical buyer's guide to SBOM validation tools -- covering schema checks, quality scoring, and diffing -- with an honest look at six real tools and their tradeoffs.

Nov 10, 20258 min read
Buyer's Guides

Best reproducible build tools

A practical buyer's guide to reproducible build tools -- evaluation criteria, six real tools compared honestly, and how continuous verification closes the gap.

Nov 10, 20257 min read
Software Supply Chain Security

Malicious VS Code extensions report

150+ malicious VS Code extensions have been pulled from marketplaces since 2024. Here's how the attacks work — and how to defend against them.

Nov 9, 20258 min read
Software Supply Chain Security

Terraform Registry module vulnerability trends

Registry-wide analysis shows a rising share of Terraform modules carry stale provider pins and insecure defaults — here's what's driving it and how to respond.

Nov 9, 20257 min read
Software Supply Chain Security

Homebrew formula security incidents

A timeline of Homebrew formula security incidents — from the 2018 Jenkins token leak to 2026's Trivy tap compromise — and what Homebrew's Tap Trust fix means for security teams.

Nov 9, 20258 min read
software-supply-chain-security (Page 34) — Safeguard Blog