Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

DevSecOps

Developer infrastructure posture: integrating ASPM early

Prisma Cloud built ASPM outward from the cloud. Real breaches like tj-actions and SolarWinds start earlier, in developer infrastructure that needs its own continuous posture model.

Apr 10, 20267 min read
DevSecOps

What Is the CI/CD Pipeline (and CI/CD security)?

CI/CD pipelines now hold more privileged access than any other system — yet they're the least monitored. Here's what CI/CD pipeline security really requires.

Apr 9, 20267 min read
AI Security

LLM Traces and Evals: The Missing Layer in AI Supply Chain Security

Prompt traces and offline evals are standard hygiene for ML teams, but almost nobody treats them as supply chain telemetry. They should be. Here's how traces and evals plug into SBOM and reachability as a fourth security signal.

Apr 8, 20267 min read
Application Security

Application Security: a practitioner's guide

A practitioner's guide to application security: SAST, SCA, secrets, and supply chain integrity—plus how Safeguard compares to Prisma Cloud's CNAPP.

Apr 8, 20268 min read
Industry Analysis

Top cloud data security solutions

Prisma Cloud's DSPM bolts data classification onto a 30-module CNAPP after resources already exist in the cloud. Here's why that misses the supply chain risks that matter most.

Apr 8, 20268 min read
Industry Analysis

Forecasting the cloud security landscape (annual predicti...

Where does cloud security head into 2027? We break down six concrete predictions on CNAPP consolidation, supply chain risk, and Prisma Cloud gaps.

Apr 8, 20267 min read
Cloud Security

What Is CNAPP? (Cloud-Native Application Protection Platf...

CNAPP unifies CSPM, CWPP, CIEM, and app security into one platform. Here's the Gartner-defined pillars, how Prisma Cloud stacks up, and the supply-chain gap it leaves.

Apr 6, 20268 min read
Application Security

Attack Surface Management (ASM): best practices guide

A practical attack surface management best practices guide for software supply chains, covering SBOMs, base image hardening, CI/CD exposure, and a 90-day rollout plan.

Apr 4, 20268 min read
Open Source Security

What Are Transitive Dependencies

Transitive dependencies are the packages your code never directly imports but inherits anyway — and where 84% of open source CVEs actually live.

Apr 3, 20266 min read
Open Source Security

Direct vs Transitive Dependencies

Most known vulnerabilities live in transitive dependencies, not the ones in your manifest. Here's how to tell them apart and prioritize what's exploitable.

Apr 3, 20267 min read
Vulnerability Management

A guide to modern vulnerability scanning

Scanners disagree, CVE volume is exploding, and hardened base images solve only one layer. Here's how modern vulnerability scanning actually works — and where prioritization beats raw CVE counts.

Apr 3, 20268 min read
Open Source Security

Types of Open Source Licenses

A breakdown of permissive, copyleft, and source-available license types—MIT, GPL, AGPL, SSPL—and why misclassified licenses create hidden supply chain risk.

Apr 2, 20267 min read
software-supply-chain (Page 14) — Safeguard Blog