software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
Django ORM SQL injection edge cases beyond parameterized ...
Django's ORM parameterizes queries by default, but .raw(), .extra(), and annotate() calls create real SQL injection risk. Here's what to check.
Rails YAML deserialization RCE history and CVE-2013-0156 ...
A deep dive into CVE-2013-0156, the Rails YAML deserialization RCE that let attackers execute code via crafted requests, and how to remediate it.
What is a Man-in-the-Browser Attack
Man-in-the-browser malware rewrites transactions inside a victim's own browser, bypassing TLS and OTP 2FA -- here's how it works and how to stop it.
Rails Active Record SQL injection via raw queries and str...
A concrete look at how raw SQL and string interpolation reopen rails active record sql injection risk, from CVE-2012-2695 to modern where-clause and order-by exploits.
What is a Security Compliance Framework
A concrete breakdown of what security compliance frameworks are, which ones software companies actually need, and how long certification really takes.
NestJS dependency injection and module configuration secu...
NestJS's dependency injection container silently governs data isolation and supply-chain trust. Here's how scope, module, and factory misconfigurations turn into real security failures.
State of Open Source Security Report Overview
Open source vulnerabilities tripled in six years, but 70-85% aren't even reachable. A data-driven look at the real state of open source security in 2026.
State of Cloud Security Report Overview
This year's cloud security reports point to the same conclusion: detection isn't the bottleneck anymore — identity sprawl, supply chain risk, and slow remediation are.
Inside the Agentic Development Supply Chain Report
Safeguard's research team analyzed 42,000+ repositories with agentic commit activity, finding new dependency, MCP server, and SBOM gaps introduced by AI coding agents.
The Hidden Cost of AI Code in Financial Services
Banks and fintechs are shipping AI-generated code faster than they can vet it. The bill for that speed is starting to come due.
Log4Shell (CVE-2021-44228) and the supply chain lessons o...
A Log4Shell CVE-2021-44228 analysis covering the JNDI lookup flaw, CVSS 10.0 severity, KEV status, patch timeline, remediation steps, and the transitive dependency lessons it taught.
Generating and exporting a software bill of materials in AWS
A practical walkthrough for generating and exporting an AWS SBOM using Inspector and ECR -- plus troubleshooting tips and how Safeguard helps.