Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

DevSecOps

8 tips for securing your CI/CD pipeline

Real incidents like tj-actions and xz-utils show how CI/CD pipelines get compromised. Eight concrete, actionable tips to lock yours down.

May 18, 20266 min read
Application Security

AI Security Code Review for Pull Requests

How AI code review security works in pull requests, where Endor Labs stops short, and what closes the gap between diff review and real supply chain risk.

May 18, 20269 min read
Vulnerability Management

Patch Transparency: Auditing Automated Fix Pull Requests

Automated fix PRs from Dependabot, Renovate, and Endor Labs move fast but are rarely auditable. Here's what a real patch transparency record needs.

May 16, 20267 min read
Vulnerability Management

Zero-Day Patch Response at Scale: Can Open Source Maintai...

Zero-day patch timelines swing from 3 hours to 10 weeks across open source projects. Here's why maintainer capacity, not tooling, is the real bottleneck.

May 16, 20268 min read
SBOM & Compliance

SBOM and Compliance: Generating and Exporting Software Bi...

Regulators now require SBOMs from federal vendors, medical device makers, and soon every EU digital product. Here's how SBOM generation tools actually compare on accuracy, format, and export.

May 15, 20267 min read
SBOM & Compliance

Open Source License Compliance: Automating License Risk R...

Manual license audits miss GPL contamination and copyleft traps. Here's how automated license risk reports work, and how Safeguard stacks up against Endor Labs.

May 15, 20267 min read
SBOM & Compliance

Cyber Resilience Act (CRA) Compliance for Software Vendors

CRA reporting duties start Sept 2026; fines reach 2.5% of global turnover. What software vendors must do for SBOMs, vulnerability reporting, and audits.

May 15, 20268 min read
AI Security

ISO 42001 and AI Management Systems for Security Teams

ISO 42001 makes AI governance auditable and certifiable. Here's what security teams need to build an AIMS, where Endor Labs' AI code-risk scoring falls short, and how Safeguard closes the gap.

May 14, 20267 min read
SBOM & Compliance

PCI DSS Requirements for Application Security Testing

PCI DSS 4.0's March 2025 deadline made SBOMs and 30-day patch SLAs mandatory. Here's what Requirements 6.3.2, 6.4.2, and 11.3 actually demand, and where Endor Labs leaves compliance gaps.

May 14, 20267 min read
AI Security

AI Coding Agent Governance: Securing Copilot, Cursor, and...

How to govern Copilot, Cursor, and Claude Code with provenance tracking and permission scoping — beyond after-the-fact SCA scanning of agent-written code.

May 14, 20267 min read
AI Security

Securing MCP Servers and Agent Skills in the Enterprise

MCP servers and agent skills give AI agents new power—and new attack surface. Here's how tool poisoning and rug-pull attacks work, and how to stop them.

May 14, 20267 min read
Application Security

SAST vs DAST vs SCA vs IAST

SAST, DAST, SCA, and IAST each test different risk. See how Safeguard's unified platform compares to Socket.dev's SCA-focused approach to supply chain security.

May 13, 20268 min read
software-supply-chain (Page 9) — Safeguard Blog