software-supply-chain
Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.
526 articles
5 best practices for adopting GitHub Copilot securely
GitHub Copilot has 1.3M+ paid seats. Five concrete, evidence-based practices for locking down content exclusion, licensing, code quality, and prompt injection risk.
Medical device software security and compliance
FDA's 2023 cybersecurity mandate turned SBOMs into a submission gate. Here's what medical device makers actually need, and where legacy SCA tools like Black Duck fall short.
Embedded software and ISV security programs
Black Duck built its business on binary composition analysis for embedded software. Here's what that approach misses in 2026, and what a modern ISV security program needs instead.
Introducing Agentic Development Security (ADS)
As AI agents now author up to half of production commits, Safeguard introduces Agentic Development Security (ADS) — a new framework for securing autonomous coding.
Best Secrets Scanning Tools in 2026: An Honest Buyer's Guide
An honest, engineer-first guide to the best secrets scanning tools in 2026 — Gitleaks, TruffleHog, detect-secrets, GitGuardian, Kingfisher, and where a supply chain platform fits — with a clear 'best for' line for each.
Infosecurity Europe 2026's Cyber Startup Programme: A New Pipeline for Early-Stage Security
Infosecurity Europe debuted a Cyber Startup Programme, a live-pitch Startup Award, and a dedicated Cyber Startups Zone in June 2026. Here is what it actually delivered for early-stage founders working on agentic AI security and software supply chain risk.
Best ASPM Tools in 2026: Application Security Posture Management Compared
An honest buyer's guide to the best ASPM tools in 2026 — Apiiro, ArmorCode, Cycode, Snyk AppRisk, OX Security, and Safeguard — with a fair blurb and a best-for line for each, plus how AIBOM and supply chain risk reshape the category.
Best CNAPP Platforms in 2026: An Honest Buyer's Guide
An honest, opinionated guide to the best CNAPP platforms in 2026 — Wiz, Prisma Cloud, Microsoft Defender for Cloud, CrowdStrike, Aqua, Orca, and Sysdig — plus where the cloud-native security category is heading on AI-SPM, runtime, and supply chain.
NVD in the AI era: multi-source vulnerability intelligence
NVD's 2024 enrichment backlog exposed the risk of a single vulnerability feed. Here's how multi-source data and AI triage close the gap.
AI Is Forcing a New Open Source Security Model
AI coding agents now choose dependencies — and attackers are exploiting hallucinated packages and MCP backdoors that legacy SCA tools like Sonatype's were never built to catch.
Governments banning AI models: security implications for teams
Governments banned DeepSeek and other AI models in 2025 within days. Here's the security supply-chain risk teams face and how to find and fix it fast.
Reachability Analysis as the Missing Piece of SCA
Most SCA-flagged vulnerabilities aren't exploitable. Here's why reachability analysis — not just dependency matching — is what separates real risk from noise, and where Sonatype falls short.