software-supply-chain-security
Safeguard articles tagged "software-supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
494 articles
Cursor's AI security agents: what they get right and what's missing
Cursor's Bugbot and MCP agents catch real bugs, but CurXecute and MCPoison show they open new attack surfaces SCA tools never had to face.
Software Dependency Cooldown Policies
A dependency cooldown policy delays new package versions for a set window so the ecosystem can catch malicious releases before they reach your build pipeline.
Sonatype SBOM Manager Overview
A concrete look at Sonatype SBOM Manager — its origins, pricing model, VEX support, and common adoption gaps — for teams evaluating an SBOM manager tool.
The Economics of Vulnerability Backlogs
A vulnerability backlog is an inventory problem with interest payments. Triage costs, carrying costs, and why fixing by EPSS beats fixing by CVSS on pure ROI.
Shadow Risks: Unmanaged and Unauthorized Dependencies
Shadow dependencies risk management is now core to SBOM strategy. See how unmanaged, unauthorized open source packages cause breaches Sonatype-style scans miss.
What Is Open Source Malware
Open source malware is code deliberately planted in packages to attack the systems that install it. Learn how it spreads, real incidents, and how it differs from CVEs.
Dependabot Alternatives in 2026: An Honest Buyer's Guide
An honest guide to Dependabot alternatives in 2026 — Renovate, Snyk, Socket, Endor Labs, Mend, and Safeguard — covering dependency updates, reachability analysis, malicious-package detection, and software supply chain security.
Best Container Base Images for Security in 2026
Chainguard, distroless, Alpine, UBI micro, Ubuntu chiseled, and scratch, compared on CVE counts, size, libc, and the operational costs nobody puts in the marketing.
PyPI Malware News: What's Happening and How to Detect It
PyPI malware news keeps repeating the same pattern — typosquats, compromised maintainer accounts, and post-install scripts that exfiltrate credentials — here's how to actually catch it.
What Is Perimeter Protection in Application Security
Perimeter protection screens packages at the gate — but xz-utils, SolarWinds, and event-stream all slipped past firewalls. Here's what it catches, and what it misses.
The CWE Top 25 most dangerous software weaknesses
MITRE's 2023 CWE Top 25 ranks the software weaknesses behind 43,996 CVEs. Here's how it's scored, what moved, and how to prioritize fixes.
SAST vs DAST: static and dynamic application security tes...
SAST catches insecure code before deploy; DAST tests running apps after. We compare both against JFrog's Artifactory-first model and Safeguard's supply-chain-native approach.