Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Buyer's Guides

Best GitHub Actions security scanning tools

A practical, no-hype comparison of GitHub Actions security tools — Zizmor, StepSecurity, Scorecard, Checkov, GitGuardian, and Legit Security — plus what to evaluate before you buy.

Nov 15, 20257 min read
AI Security

LLM System Prompt Leakage

System prompts often hide business logic and secrets. Here's how attackers extract them, real 2023-2024 incidents, and how to stop leaks before they reach production.

Nov 15, 20257 min read
Vulnerability Management

Best vulnerability management platforms

A practical comparison of leading vulnerability management platforms — Tenable, Qualys, Rapid7, CrowdStrike, Wiz, and Microsoft — plus how Safeguard closes the supply-chain gap.

Nov 14, 20257 min read
AI Security

LLM Supply Chain Vulnerabilities

Malicious model files, poisoned datasets, and compromised ML packages are the new software supply chain frontier. Here is how these LLM attacks actually work.

Nov 14, 20257 min read
Open Source Security

NuGet dependency confusion risk report

NuGet's default feed-resolution behavior keeps dependency confusion risk elevated across .NET orgs. Here's what the incident history shows, and how to close the gap.

Nov 14, 20257 min read
Buyer's Guides

Best open source license compliance tools

A practical comparison of open source license compliance tools—FOSSA, Mend, Black Duck, Snyk, and more—covering detection accuracy, policy engines, and SBOM support.

Nov 14, 20258 min read
Buyer's Guides

Best artifact and code signing tools

A practical, no-hype comparison of Sigstore, Notation, GitHub Attestations, DigiCert, Vault, and AWS Signer for teams choosing artifact signing tools.

Nov 14, 20258 min read
AI Security

Sensitive Information Disclosure in LLM Applications

From Samsung's ChatGPT leak to RAG pipelines with no access controls, sensitive information disclosure is now a top LLM security risk. Here's how it happens and how to stop it.

Nov 14, 20258 min read
Open Source Security

Malicious Composer packages on Packagist

Three malicious Composer package campaigns hit Packagist in under a year -- each sitting undetected for months. Here's what happened and how to catch the next one faster.

Nov 13, 20257 min read
AI Security

Overreliance on LLM Outputs: A Security Perspective

LLMs hallucinate packages, vulnerability verdicts, and compliance summaries with total confidence. Here's where overreliance on AI outputs creates real security risk—and how to close the gap.

Nov 13, 20257 min read
Buyer's Guides

Best open source project risk scoring tools

A practical buyer's guide comparing open source project risk scoring tools like OpenSSF Scorecard, Snyk, and Sonatype on signal quality and coverage.

Nov 12, 20258 min read
Buyer's Guides

Best VEX (Vulnerability Exploitability eXchange) tools

A practical buyer's guide to VEX tools: what to evaluate, and an honest look at Dependency-Track, GUAC, OpenVEX, Grype, Trivy, and Interlynk.

Nov 12, 20258 min read
software-supply-chain (Page 26) — Safeguard Blog