Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Open Source Security

Software Dependencies: How to Manage Them at Scale

Most apps run 10-20x more dependencies than engineers chose. Here's how reachability analysis and automation manage that risk at scale.

Apr 2, 20266 min read
Compliance

How to lower FedRAMP certification costs

FedRAMP authorizations cost $250K-$3M and take 12-18 months. See where that spend actually goes, how Chainguard's hardened images fit in, and how to cut costs.

Apr 1, 20266 min read
Open Source Security

What is Open Source Security

Open source powers 70-90% of modern codebases. Learn what open source security means, its real risks, and how reachability analysis cuts through the noise.

Apr 1, 20266 min read
Compliance

FedRAMP High: requirements and readiness

What FedRAMP High actually requires: 421 controls, 12-24 month timelines, and how supply chain security vendors like Chainguard and Safeguard measure up.

Apr 1, 20267 min read
Compliance

FedRAMP compliance checklist: steps, requirements, docume...

A concrete FedRAMP compliance checklist: steps, documentation, timelines, and how supply chain evidence like Chainguard images and Safeguard SBOMs fits in.

Apr 1, 20267 min read
Compliance

FedRAMP vulnerability scanning requirements explained

FedRAMP mandates monthly vulnerability scans and 30-day remediation windows. Here's what Rev 5 requires, and why minimal images like Chainguard's don't exempt you.

Apr 1, 20267 min read
Compliance

CMMC 2.0 compliance for containerized workloads

CMMC 2.0 enforcement is phasing in through 2028. Hardened container images help, but 35+ of 110 NIST 800-171 controls need continuous evidence Chainguard's approach doesn't cover.

Mar 31, 20268 min read
Open Source Security

Wolfi: the community Linux 'undistro'

Wolfi calls itself an "undistro," not a distro — and it's the open-source foundation under Chainguard Images. Here's what that actually means, and where the gaps are.

Mar 31, 20267 min read
Open Source Security

apko and melange: declarative container build tools

How Chainguard's apko and melange replace Dockerfiles with declarative, reproducible builds — and where the security claims need independent verification.

Mar 30, 20268 min read
Vulnerability Analysis

What is Path Traversal

Path traversal (CWE-22) lets attackers escape a web root using ../ sequences to read or write arbitrary files. Here's how it works, real breaches, and fixes.

Mar 30, 20266 min read
SBOM

SBOM standards and formats compared (SPDX vs CycloneDX vs...

SPDX, CycloneDX, and Syft JSON aren't interchangeable. A concrete breakdown of what each format is for, where Anchore's Syft defaults, and how Safeguard handles both.

Mar 30, 20268 min read
SBOM

How to generate an SBOM with free open source tools

Free tools like Syft and Trivy can generate an SBOM in minutes. Here's exactly how, where open source tooling stops scaling, and how Safeguard fills the gap.

Mar 29, 20267 min read
software-supply-chain (Page 15) — Safeguard Blog