Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

AI Security

Frontier LLM Vendors Are Not Your Supply Chain Security Vendor

Coding agents from OpenAI, Anthropic, and Google are excellent tools. They are also not supply chain security platforms, and the assumption that they can replace one is already producing expensive gaps.

Apr 16, 20267 min read
Application Security

What is Application Security (AppSec)

Application security spans SAST, SCA, secrets and container scanning. See how AppSec differs from DevSecOps, why it's now board-level, and how Safeguard prioritizes fixes.

Apr 16, 20267 min read
Container Security

Image Scanning

How container image scanning works, where tools like Aqua Security's Trivy fall short on noise and reachability, and what modern scanning workflows require.

Apr 16, 20268 min read
Supply Chain

Open Source Dependency Scanners: A Buyer's Checklist

A practical checklist for evaluating an open source dependency scanner — ecosystem coverage, reachability analysis, license detection, and how each handles transitive dependencies.

Apr 14, 20265 min read
Cloud Security

SSDF (Secure Software Development Framework)

NIST SP 800-218 turned SSDF into a federal procurement gate. Here is what it requires, why attestation is mandatory, and where CNAPP tools like Aqua fall short.

Apr 14, 20267 min read
AI Security

Why LLMs Are Structurally Insecure (and What That Means for Your Pipeline)

Language models are not insecure because of a bug you can patch. They are insecure by construction — non-deterministic, context-poisonable, and unreproducible. Here is how to reason about them without pretending otherwise.

Apr 12, 20267 min read
Application Security

ASPM vs CNAPP: collaboration, not collision

ASPM and CNAPP tackle different layers of risk. Here's how Safeguard's application-first approach complements CNAPP platforms like Prisma Cloud.

Apr 12, 20268 min read
Application Security

Application Security Controls Explained

A breakdown of what application security controls actually are, which ones matter most for supply chain risk, and how to prioritize them without alert fatigue.

Apr 11, 20267 min read
AI Security

Why LLM-Based Vulnerability Scanning Needs More Than a Single Model

Large language models are being used to find vulnerabilities in open-source code. But a single model, no matter how capable, isn't enough. Here's why multi-agent orchestration, structured CWE analysis, and deep context matter more than model size.

Apr 10, 202611 min read
Application Security

ASPM best practices for enhancing security posture

ASPM best practices for correlating findings, prioritizing by reachability, and automating remediation — with a concrete look at how Prisma Cloud's approach compares.

Apr 10, 20268 min read
Application Security

Mobile Application Security: Risks & Tools

BLASTPASS, XcodeGhost, and a 2024 OWASP supply-chain category show mobile app security is its own attack surface — here's what to fix first, and with what tools.

Apr 10, 20267 min read
Application Security

ASPM in action: real-world use cases

ASPM use cases from alert fatigue to the XZ Utils backdoor and PCI DSS 4.0 deadlines — what Prisma Cloud's cloud-native approach misses and how code-first ASPM closes the gap.

Apr 10, 20268 min read
software-supply-chain (Page 13) — Safeguard Blog