software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
Software Dependencies: How to Manage Them at Scale
Most apps run 10-20x more dependencies than engineers chose. Here's how reachability analysis and automation manage that risk at scale.
How to lower FedRAMP certification costs
FedRAMP authorizations cost $250K-$3M and take 12-18 months. See where that spend actually goes, how Chainguard's hardened images fit in, and how to cut costs.
What is Open Source Security
Open source powers 70-90% of modern codebases. Learn what open source security means, its real risks, and how reachability analysis cuts through the noise.
FedRAMP High: requirements and readiness
What FedRAMP High actually requires: 421 controls, 12-24 month timelines, and how supply chain security vendors like Chainguard and Safeguard measure up.
FedRAMP compliance checklist: steps, requirements, docume...
A concrete FedRAMP compliance checklist: steps, documentation, timelines, and how supply chain evidence like Chainguard images and Safeguard SBOMs fits in.
FedRAMP vulnerability scanning requirements explained
FedRAMP mandates monthly vulnerability scans and 30-day remediation windows. Here's what Rev 5 requires, and why minimal images like Chainguard's don't exempt you.
CMMC 2.0 compliance for containerized workloads
CMMC 2.0 enforcement is phasing in through 2028. Hardened container images help, but 35+ of 110 NIST 800-171 controls need continuous evidence Chainguard's approach doesn't cover.
Wolfi: the community Linux 'undistro'
Wolfi calls itself an "undistro," not a distro — and it's the open-source foundation under Chainguard Images. Here's what that actually means, and where the gaps are.
apko and melange: declarative container build tools
How Chainguard's apko and melange replace Dockerfiles with declarative, reproducible builds — and where the security claims need independent verification.
What is Path Traversal
Path traversal (CWE-22) lets attackers escape a web root using ../ sequences to read or write arbitrary files. Here's how it works, real breaches, and fixes.
SBOM standards and formats compared (SPDX vs CycloneDX vs...
SPDX, CycloneDX, and Syft JSON aren't interchangeable. A concrete breakdown of what each format is for, where Anchore's Syft defaults, and how Safeguard handles both.
How to generate an SBOM with free open source tools
Free tools like Syft and Trivy can generate an SBOM in minutes. Here's exactly how, where open source tooling stops scaling, and how Safeguard fills the gap.