software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
Best git commit signing and repository integrity tools
A buyer's guide to git commit signing tools -- GPG, SSH signing, Sigstore, gittuf, and more -- compared honestly for real repository integrity verification.
Unrestricted Resource Consumption in APIs
API4:2023 shows how a single unbounded request—GraphQL depth, a ReDoS regex, an unthrottled upload—can take down an API or run up a cloud bill.
Best penetration testing platforms and services
A practical, no-hype comparison of penetration testing platforms and pentest-as-a-service vendors — what to evaluate, six real providers reviewed, and where supply chain risk fits in.
Unsafe Consumption of Third-Party APIs
Third-party APIs get trusted more than user input ever would — and attackers know it. Real breaches from Polyfill.io to 3CX show why that trust is misplaced.
Security Misconfiguration in APIs
Optus, T-Mobile, Peloton, and USPS were all breached through misconfigured APIs, not exploits. Here's what causes it, what it costs, and how to catch it first.
Dependency confusion attacks against major tech companies
A look at the dependency confusion attacks that hit Apple, Microsoft, PayPal, and PyTorch — and why the technique still works against top engineering orgs.
Best zero trust architecture implementation tools
A vendor-neutral buyer's guide to zero trust architecture tools: what to evaluate, plus honest strengths and limits of six leading platforms compared.
Improper Inventory Management: Shadow and Zombie APIs
Undocumented shadow APIs and forgotten zombie endpoints are quietly expanding attack surface. Here's why inventory gaps cause breaches like T-Mobile and Optus.
GitHub Actions supply chain risk report
A look at the tj-actions/changed-files compromise and the broader trend of GitHub Actions supply chain attacks — and what security teams should do now.
Hidden Functionality and Undocumented API Endpoints
Undocumented API endpoints and hidden functionality sit outside vendor documentation entirely — here's where they come from, why attackers find them first, and how to detect them.
Best secure software development lifecycle (SSDLC) platforms
A practical buyer's guide to SSDLC platforms in 2026 — evaluation criteria, an honest roundup of six real vendors, and where Safeguard fits in.
Best software supply chain observability tools
A practical, no-hype buyer's guide to software supply chain observability tools -- evaluation criteria, an honest roundup of six real vendors, and where Safeguard fits.