Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Concepts

What Is a Build Artifact?

A build artifact is the packaged output your build process produces from source code. Here is why artifacts are a critical supply chain checkpoint and how to verify their provenance.

Dec 2, 20256 min read
Vulnerability Analysis

node-ipc 'Protestware' Sabotage Code Shipped to Millions ...

How a rogue node-ipc update turned a trusted npm dependency into disk-wiping protestware, and what CVE-2022-23812 means for your supply chain.

Dec 1, 20258 min read
Open Source Security

Malicious npm packages targeting developers in 2025

A year-end look at 2025's npm supply chain attacks—chalk/debug phishing, the Shai-Hulud worm, and industrialized malware campaigns—and how to defend against them.

Nov 30, 20257 min read
Open Source Security

NuGet Package Manager Tampering / Spoofing Vulnerability ...

CVE-2019-0757 lets an authenticated attacker tamper with NuGet package contents on Linux/Mac. CVSS 6.5. Affected versions, timeline, and fixes inside.

Nov 29, 20257 min read
Vulnerability Analysis

Apache Ant 'Get' Task Certificate Validation Failure (CVE...

CVE-2020-1945 exposes insecure temp-file handling in Apache Ant, risking data leaks and build-tampering. Affected versions, CVSS/EPSS context, and fixes inside.

Nov 28, 20257 min read
Vulnerability Analysis

Git safe.directory Bypass Enabling Code Execution on Mult...

CVE-2022-24765 let local users on shared Windows systems bypass Git's ownership checks and trigger code execution via malicious repo configs. Here's the full breakdown.

Nov 27, 20257 min read
Vulnerability Analysis

Git Local Clone Information Disclosure via Hardlinks (CVE...

CVE-2022-39253 abuses Git's local clone hardlink optimization to leak files from outside a repository. Here's the impact, fix, and how to stay protected.

Nov 27, 20258 min read
Vulnerability Analysis

SaltStack Directory Traversal Paired With Auth Bypass (CV...

CVE-2020-11652, a directory traversal flaw in SaltStack's salt-master, paired with an auth bypass to enable full remote compromise. Impact, CVSS/KEV context, and fixes.

Nov 23, 20257 min read
Vulnerability Analysis

Sonatype Nexus Repository Unauthenticated RCE via REST AP...

A deep dive into CVE-2019-7238, the unauthenticated RCE in Sonatype Nexus Repository Manager 3 that fueled cryptomining campaigns worldwide.

Nov 23, 20257 min read
Open Source Security

Malicious Go modules found on GitHub

Malicious Go modules keep surfacing on GitHub, exploiting the ecosystem's lack of a curated registry. Here's the pattern — and how to defend against it.

Nov 20, 20257 min read
Open Source Security

Go vulnerability database (govulncheck) trend report

Go's vulnerability database is scaling fast and stdlib CVEs are clustering. Here's what govulncheck vulnerability trends reveal about reachability, typosquats, and risk.

Nov 20, 20257 min read
Vulnerability Analysis

BuildKit Mount Cache Race Condition Vulnerability (CVE-20...

CVE-2024-23651 is a high-severity BuildKit race condition that can expose host files to build containers via shared cache mounts. Here's the full breakdown.

Nov 20, 20258 min read
software-supply-chain (Page 24) — Safeguard Blog