supply-chain-attacks
Safeguard articles tagged "supply-chain-attacks" — guides, analysis, and best practices for software supply chain and application security.
58 articles
Why Automated Package Publishing Pipelines Are a Growing ...
From tj-actions to xz utils, attackers are hijacking CI/CD pipelines to poison packages at the source. Here's why publishing pipelines are the new frontline.
Software Supply Chain Attacks: H1 2025 Report
A data-driven breakdown of supply chain attacks from January through June 2025, covering attack vectors, targeted ecosystems, and emerging trends.
What is Dependency Pinning
Dependency pinning locks every package in your build to an exact, verified version so the code you tested is the code you ship. Here's how to do it per ecosystem.
GitHub Actions Artifact Poisoning: A Growing Supply Chain Attack Vector
Researchers disclosed techniques to poison GitHub Actions artifacts, enabling code execution in CI/CD pipelines of downstream projects. The attack exploits trust assumptions in artifact sharing.
A Taxonomy of Open Source Supply Chain Attacks
Supply chain attacks on open source come in distinct flavors. Understanding the taxonomy helps defenders prioritize controls and recognize threats before they reach production.
Incident Response Playbook for Supply Chain Attacks
Supply chain attacks break your standard IR playbook. The compromise originates outside your perimeter, affects trusted software, and the blast radius is unknown. Here's how to adapt.
Browser Extension Supply Chain Attacks: The Overlooked Threat Vector
Browser extensions have become a prime target for supply chain attackers. With access to browsing data, credentials, and session tokens, a compromised extension is a skeleton key to your organization.
Business Continuity Planning for Supply Chain Attacks
When a critical dependency is compromised or disappears, can your business keep running? Most organizations haven't answered this question honestly.
The State of Software Supply Chain Attacks: Mid-2022 Report
By mid-2022, supply chain attacks had surged 742% over the previous three years. Here's the data, the trends, and what defenders need to know.
npm Supply Chain Attacks: 2022 Q1 Report
The first quarter of 2022 saw a surge in npm malware — from protestware to dependency confusion to credential-stealing packages. Here's a roundup of the most significant incidents and emerging trends.