Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Buyer's Guides

Best git commit signing and repository integrity tools

A buyer's guide to git commit signing tools -- GPG, SSH signing, Sigstore, gittuf, and more -- compared honestly for real repository integrity verification.

Nov 7, 20258 min read
Industry Analysis

Unrestricted Resource Consumption in APIs

API4:2023 shows how a single unbounded request—GraphQL depth, a ReDoS regex, an unthrottled upload—can take down an API or run up a cloud bill.

Nov 6, 20257 min read
Application Security

Best penetration testing platforms and services

A practical, no-hype comparison of penetration testing platforms and pentest-as-a-service vendors — what to evaluate, six real providers reviewed, and where supply chain risk fits in.

Nov 6, 20257 min read
Industry Analysis

Unsafe Consumption of Third-Party APIs

Third-party APIs get trusted more than user input ever would — and attackers know it. Real breaches from Polyfill.io to 3CX show why that trust is misplaced.

Nov 6, 20257 min read
Industry Analysis

Security Misconfiguration in APIs

Optus, T-Mobile, Peloton, and USPS were all breached through misconfigured APIs, not exploits. Here's what causes it, what it costs, and how to catch it first.

Nov 6, 20257 min read
Incident Analysis

Dependency confusion attacks against major tech companies

A look at the dependency confusion attacks that hit Apple, Microsoft, PayPal, and PyTorch — and why the technique still works against top engineering orgs.

Nov 5, 20257 min read
Buyer's Guides

Best zero trust architecture implementation tools

A vendor-neutral buyer's guide to zero trust architecture tools: what to evaluate, plus honest strengths and limits of six leading platforms compared.

Nov 5, 20258 min read
Industry Analysis

Improper Inventory Management: Shadow and Zombie APIs

Undocumented shadow APIs and forgotten zombie endpoints are quietly expanding attack surface. Here's why inventory gaps cause breaches like T-Mobile and Optus.

Nov 5, 20257 min read
Incident Analysis

GitHub Actions supply chain risk report

A look at the tj-actions/changed-files compromise and the broader trend of GitHub Actions supply chain attacks — and what security teams should do now.

Nov 5, 20257 min read
Industry Analysis

Hidden Functionality and Undocumented API Endpoints

Undocumented API endpoints and hidden functionality sit outside vendor documentation entirely — here's where they come from, why attackers find them first, and how to detect them.

Nov 5, 20257 min read
DevSecOps

Best secure software development lifecycle (SSDLC) platforms

A practical buyer's guide to SSDLC platforms in 2026 — evaluation criteria, an honest roundup of six real vendors, and where Safeguard fits in.

Nov 4, 20257 min read
Buyer's Guides

Best software supply chain observability tools

A practical, no-hype buyer's guide to software supply chain observability tools -- evaluation criteria, an honest roundup of six real vendors, and where Safeguard fits.

Nov 4, 20258 min read
software-supply-chain (Page 29) — Safeguard Blog