Safeguard
Tag

supply-chain-attacks

Safeguard articles tagged "supply-chain-attacks" — guides, analysis, and best practices for software supply chain and application security.

58 articles

DevSecOps

Why Automated Package Publishing Pipelines Are a Growing ...

From tj-actions to xz utils, attackers are hijacking CI/CD pipelines to poison packages at the source. Here's why publishing pipelines are the new frontline.

Jul 30, 20257 min read
Threat Intelligence

Software Supply Chain Attacks: H1 2025 Report

A data-driven breakdown of supply chain attacks from January through June 2025, covering attack vectors, targeted ecosystems, and emerging trends.

Jul 10, 20255 min read
Concepts

What is Dependency Pinning

Dependency pinning locks every package in your build to an exact, verified version so the code you tested is the code you ship. Here's how to do it per ecosystem.

Oct 8, 20246 min read
Supply Chain Security

GitHub Actions Artifact Poisoning: A Growing Supply Chain Attack Vector

Researchers disclosed techniques to poison GitHub Actions artifacts, enabling code execution in CI/CD pipelines of downstream projects. The attack exploits trust assumptions in artifact sharing.

Aug 12, 20247 min read
Open Source Security

A Taxonomy of Open Source Supply Chain Attacks

Supply chain attacks on open source come in distinct flavors. Understanding the taxonomy helps defenders prioritize controls and recognize threats before they reach production.

Apr 15, 20237 min read
Incident Response

Incident Response Playbook for Supply Chain Attacks

Supply chain attacks break your standard IR playbook. The compromise originates outside your perimeter, affects trusted software, and the blast radius is unknown. Here's how to adapt.

Nov 28, 20229 min read
Threat Analysis

Browser Extension Supply Chain Attacks: The Overlooked Threat Vector

Browser extensions have become a prime target for supply chain attackers. With access to browsing data, credentials, and session tokens, a compromised extension is a skeleton key to your organization.

Nov 15, 20227 min read
Business Continuity

Business Continuity Planning for Supply Chain Attacks

When a critical dependency is compromised or disappears, can your business keep running? Most organizations haven't answered this question honestly.

Oct 18, 20226 min read
Supply Chain Attacks

The State of Software Supply Chain Attacks: Mid-2022 Report

By mid-2022, supply chain attacks had surged 742% over the previous three years. Here's the data, the trends, and what defenders need to know.

Sep 1, 20226 min read
Supply Chain Attacks

npm Supply Chain Attacks: 2022 Q1 Report

The first quarter of 2022 saw a surge in npm malware — from protestware to dependency confusion to credential-stealing packages. Here's a roundup of the most significant incidents and emerging trends.

Apr 20, 20225 min read
supply-chain-attacks (Page 5) — Safeguard Blog