Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

AI Security

5 best practices for adopting GitHub Copilot securely

GitHub Copilot has 1.3M+ paid seats. Five concrete, evidence-based practices for locking down content exclusion, licensing, code quality, and prompt injection risk.

Jun 12, 20267 min read
Industry Analysis

Medical device software security and compliance

FDA's 2023 cybersecurity mandate turned SBOMs into a submission gate. Here's what medical device makers actually need, and where legacy SCA tools like Black Duck fall short.

Jun 11, 20267 min read
Industry Analysis

Embedded software and ISV security programs

Black Duck built its business on binary composition analysis for embedded software. Here's what that approach misses in 2026, and what a modern ISV security program needs instead.

Jun 11, 20268 min read
AI Security

Introducing Agentic Development Security (ADS)

As AI agents now author up to half of production commits, Safeguard introduces Agentic Development Security (ADS) — a new framework for securing autonomous coding.

Jun 10, 20267 min read
Buyer's Guides

Best Secrets Scanning Tools in 2026: An Honest Buyer's Guide

An honest, engineer-first guide to the best secrets scanning tools in 2026 — Gitleaks, TruffleHog, detect-secrets, GitGuardian, Kingfisher, and where a supply chain platform fits — with a clear 'best for' line for each.

Jun 9, 20268 min read
Industry Events

Infosecurity Europe 2026's Cyber Startup Programme: A New Pipeline for Early-Stage Security

Infosecurity Europe debuted a Cyber Startup Programme, a live-pitch Startup Award, and a dedicated Cyber Startups Zone in June 2026. Here is what it actually delivered for early-stage founders working on agentic AI security and software supply chain risk.

Jun 8, 20267 min read
Buyer's Guides

Best ASPM Tools in 2026: Application Security Posture Management Compared

An honest buyer's guide to the best ASPM tools in 2026 — Apiiro, ArmorCode, Cycode, Snyk AppRisk, OX Security, and Safeguard — with a fair blurb and a best-for line for each, plus how AIBOM and supply chain risk reshape the category.

Jun 8, 20268 min read
Buyer's Guides

Best CNAPP Platforms in 2026: An Honest Buyer's Guide

An honest, opinionated guide to the best CNAPP platforms in 2026 — Wiz, Prisma Cloud, Microsoft Defender for Cloud, CrowdStrike, Aqua, Orca, and Sysdig — plus where the cloud-native security category is heading on AI-SPM, runtime, and supply chain.

Jun 7, 20268 min read
Vulnerability Analysis

NVD in the AI era: multi-source vulnerability intelligence

NVD's 2024 enrichment backlog exposed the risk of a single vulnerability feed. Here's how multi-source data and AI triage close the gap.

Jun 7, 20266 min read
AI Security

AI Is Forcing a New Open Source Security Model

AI coding agents now choose dependencies — and attackers are exploiting hallucinated packages and MCP backdoors that legacy SCA tools like Sonatype's were never built to catch.

Jun 7, 20267 min read
AI Security

Governments banning AI models: security implications for teams

Governments banned DeepSeek and other AI models in 2025 within days. Here's the security supply-chain risk teams face and how to find and fix it fast.

Jun 7, 20266 min read
Application Security

Reachability Analysis as the Missing Piece of SCA

Most SCA-flagged vulnerabilities aren't exploitable. Here's why reachability analysis — not just dependency matching — is what separates real risk from noise, and where Sonatype falls short.

Jun 7, 20268 min read
software-supply-chain (Page 5) — Safeguard Blog