software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
What Is a Build Artifact?
A build artifact is the packaged output your build process produces from source code. Here is why artifacts are a critical supply chain checkpoint and how to verify their provenance.
node-ipc 'Protestware' Sabotage Code Shipped to Millions ...
How a rogue node-ipc update turned a trusted npm dependency into disk-wiping protestware, and what CVE-2022-23812 means for your supply chain.
Malicious npm packages targeting developers in 2025
A year-end look at 2025's npm supply chain attacks—chalk/debug phishing, the Shai-Hulud worm, and industrialized malware campaigns—and how to defend against them.
NuGet Package Manager Tampering / Spoofing Vulnerability ...
CVE-2019-0757 lets an authenticated attacker tamper with NuGet package contents on Linux/Mac. CVSS 6.5. Affected versions, timeline, and fixes inside.
Apache Ant 'Get' Task Certificate Validation Failure (CVE...
CVE-2020-1945 exposes insecure temp-file handling in Apache Ant, risking data leaks and build-tampering. Affected versions, CVSS/EPSS context, and fixes inside.
Git safe.directory Bypass Enabling Code Execution on Mult...
CVE-2022-24765 let local users on shared Windows systems bypass Git's ownership checks and trigger code execution via malicious repo configs. Here's the full breakdown.
Git Local Clone Information Disclosure via Hardlinks (CVE...
CVE-2022-39253 abuses Git's local clone hardlink optimization to leak files from outside a repository. Here's the impact, fix, and how to stay protected.
SaltStack Directory Traversal Paired With Auth Bypass (CV...
CVE-2020-11652, a directory traversal flaw in SaltStack's salt-master, paired with an auth bypass to enable full remote compromise. Impact, CVSS/KEV context, and fixes.
Sonatype Nexus Repository Unauthenticated RCE via REST AP...
A deep dive into CVE-2019-7238, the unauthenticated RCE in Sonatype Nexus Repository Manager 3 that fueled cryptomining campaigns worldwide.
Malicious Go modules found on GitHub
Malicious Go modules keep surfacing on GitHub, exploiting the ecosystem's lack of a curated registry. Here's the pattern — and how to defend against it.
Go vulnerability database (govulncheck) trend report
Go's vulnerability database is scaling fast and stdlib CVEs are clustering. Here's what govulncheck vulnerability trends reveal about reachability, typosquats, and risk.
BuildKit Mount Cache Race Condition Vulnerability (CVE-20...
CVE-2024-23651 is a high-severity BuildKit race condition that can expose host files to build containers via shared cache mounts. Here's the full breakdown.