Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Buyer's Guides

Mend.io vs Noma Security: AI security platform comparison

Mend.io vs Noma Security: how these AI security platforms compare, and where Safeguard fits with its own AI-BOM, model scanning, and AI Gateway.

May 24, 20269 min read
SBOM

SBOM security: key components and top use cases

A practical breakdown of SBOM security components and top use cases—incident response, compliance, M&A—plus how Safeguard's approach differs from SCA-first tools like Mend.io.

May 23, 20268 min read
Regulatory Compliance

EU Cyber Resilience Act SBOM requirements

The EU Cyber Resilience Act makes SBOMs a legal requirement, not a best practice. Here's what's mandated, key 2026/2027 deadlines, and how Safeguard compares to Mend.io.

May 22, 20267 min read
Application Security

The ultimate guide to creating a secure Python package

A concrete, numbers-first guide to locking dependencies, signing releases, and scanning for CVEs when building a secure Python package.

May 22, 20266 min read
Compliance

License compatibility when combining open source components

Open source license conflicts like GPL-Apache incompatibility often surface after merge. Here's why scanners miss them and how build-time enforcement closes the gap.

May 22, 20266 min read
Open Source Security

Automated dependency updates and patch management

How automated dependency updates actually close the patch gap—where Mend.io's approach falls short, and what reachability, provenance, and policy-as-code add.

May 21, 20267 min read
Open Source Security

ROI of automated dependency management (Renovate Enterprise)

Automated dependency updates promise real ROI, but Renovate Enterprise's PR-scheduling model often stalls at the review bottleneck. Here's how to measure the real numbers.

May 21, 20267 min read
Open Source Security

Malicious packages and malware campaigns: the new reality...

Malicious open source packages don't wait for a CVE. See how npm worms, xz utils, and typosquats evade legacy SCA — and what real detection requires.

May 21, 20267 min read
Application Security

.NET and NuGet dependency vulnerability management

NuGet packages have delivered RATs, crypto stealers, and undisclosed data collection to .NET teams. Here's how to detect and defend against .NET/NuGet supply chain risk.

May 20, 20267 min read
DevSecOps

How to implement DevSecOps in 4 steps

A concrete, 4-step playbook for implementing DevSecOps — pipeline gating, SBOM generation, reachability-based triage, and auto-fix PRs.

May 19, 20267 min read
Application Security

First-Party Code vs Open Source Risk: Where Should AppSec...

First-party code and open source dependencies are one attack surface. See how Safeguard's unified scanning compares to Endor Labs' open-source-first approach.

May 19, 20269 min read
DevSecOps

Building a security-conscious CI/CD pipeline

CI/CD pipelines are now the top supply chain target. Here's how to build one with real controls—secrets, scoping, SBOMs, and provenance.

May 18, 20266 min read
software-supply-chain (Page 8) — Safeguard Blog