Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Product

CI/CD pipeline dependency security integration coverage

How does Safeguard's pipeline-native dependency security compare to Socket.dev's PR-comment model? A concrete look at coverage, enforcement, and deployment options.

May 13, 20267 min read
Compliance

Cheat sheet: meeting security compliance standards

A concrete, numbers-first cheat sheet for SOC 2, ISO 27001, PCI DSS 4.0, and SBOM mandates — deadlines, timelines, and audit gaps that actually matter.

May 12, 20267 min read
Buyer's Guides

Socket.dev vs Snyk: SCA feature comparison

Socket.dev flags risky OSS packages; Snyk scans for known CVEs. See how Safeguard unifies both approaches into one supply chain security workflow.

May 11, 20267 min read
Compliance

EU Cyber Resilience Act: what developers need to know

The EU Cyber Resilience Act sets hard deadlines starting Sept 2026 for SBOMs, vulnerability reporting, and patching. Here's what developers must build.

May 11, 20267 min read
Industry Analysis

Malicious postinstall scripts in npm packages

From eslint-scope in 2018 to the 2025 Shai-Hulud worm, npm postinstall scripts keep delivering malware before any scan or review runs. Here's how it works and what stops it.

May 10, 20267 min read
Threat Intelligence

Malicious NuGet package campaigns targeting developers

Socket.dev has tracked malicious NuGet packages stealing wallets, banking credentials, and sabotaging industrial systems. See how Safeguard catches them first.

May 10, 20268 min read
Open Source Security

5 risks of using open source software

Five documented open source risks — from Log4Shell to the XZ Utils backdoor — with real incidents, dates, and CVEs, plus how Safeguard closes the gap.

May 9, 20267 min read
Open Source Security

GPL vs MIT vs Apache: license security and compliance implications

Redis, Vizio, and Cisco show how GPL, MIT, and Apache 2.0 licenses create real legal and compliance exposure across your software supply chain.

May 9, 20267 min read
AI Security

Prompt injection attacks against AI coding/security tools

AI coding assistants like Copilot and Cursor can be hijacked by hidden text in files, comments, and packages. Here's how prompt injection malware works and how Safeguard detects it.

May 9, 20266 min read
Open Source Security

SPDX vs CycloneDX: comparing SBOM formats

SPDX and CycloneDX both satisfy federal SBOM rules, but they solve different problems. Here's how they actually differ — with real specs, dates, and tooling.

May 8, 20267 min read
Compliance

FDA SBOM requirements for medical device software

Since Oct 2023 the FDA can reject medical device submissions missing a compliant SBOM. Here's what Section 524B actually requires, in plain terms.

May 8, 20267 min read
Compliance

Software supply chain compliance for federal contractors

CMMC 2.0, OMB M-22-18, and SBOM mandates now hit federal contractors with overlapping deadlines and evidence demands — here's what's actually required.

May 8, 20267 min read
software-supply-chain (Page 10) — Safeguard Blog