Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Cloud Security

Why You Need a Kubernetes Admission Controller

RBAC decides who can call the Kubernetes API — it has no concept of what a pod spec contains, which is why privileged containers still slip through into clusters every day.

Jul 7, 20266 min read
DevSecOps

Foundations for adopting AI coding tools securely in an engineering org

One engineering team cut critical vulnerability remediation from a week to 24 hours after wiring security checks into AI coding tools at the moment of code generation.

Jul 7, 20268 min read
Industry Analysis

How the security industry is scaling partnerships for AI risk

No vendor covers model security, agent runtime policy, supply-chain risk, and code-level AppSec alone — partner-sourced ARR at one major vendor grew over 6x from 2023 to 2025.

Jul 7, 20266 min read
Supply Chain Attacks

Malicious code in scoped npm packages: what the Miasma attack teaches

32 releases under the trusted @redhat-cloud-services npm scope shipped credential-stealing malware in June 2026 — with valid SLSA provenance attached.

Jul 7, 20267 min read
AI Security

New security risks across the agentic development lifecycle

Snyk found 76 confirmed-malicious skills among 3,984 analyzed and roughly a third of public MCP servers carrying exploitable flaws — legacy AppSec never modeled an agent as the author.

Jul 7, 20267 min read
Open Source Security

Protestware via prompt injection: when maintainers target AI agents

jqwik 1.10.0 shipped a hidden instruction telling AI coding agents to delete their own tests, then erased it from the terminal with ANSI codes — protestware built for agents, not humans.

Jul 7, 20267 min read
Open Source Security

Should open source maintainers get free enterprise security tooling?

80-90% of the average codebase is open source, built largely by unpaid maintainers — Snyk's year-old maintainer program now covers 60+ projects for free.

Jul 7, 20266 min read
DevSecOps

What a good AI remediation agent needs to fix dependencies safely

Snyk's CLI remediation agent pushed fix rates from 23% to 45% with an intelligence layer — but the harder problem is making an agent developers trust to touch their lockfile unsupervised.

Jul 7, 20266 min read
AI Security

What agentic coding environments reveal about developer risk

Snyk analyzed nearly 10,000 real developer environments and found 43% run 2+ AI coding tools at once — with MCP servers and skills quietly widening the attack surface.

Jul 7, 20267 min read
Concepts

Data Flow Diagrams for Threat Modeling

A data flow diagram maps how data moves through a system and where trust changes — the foundation most threat modeling is built on. Here's how to draw one that actually surfaces threats.

Jul 6, 20267 min read
Security Guides

Elixir and Phoenix Security Best Practices: BEAM Footguns and the Hex Supply Chain

Phoenix is safe by default, but the BEAM has its own footguns — binary_to_term, atom exhaustion, dynamic eval — and the Erlang/OTP runtime beneath it shipped a CVSS 10.0 pre-auth SSH RCE in 2025.

Jul 6, 20266 min read
Security Guides

Go Dependency Management Security: go.mod Hygiene That Actually Reduces Risk

Minimal version selection, indirect dependencies, replace directives, and the update cadence nobody documents. A practical guide to keeping your Go dependency graph both current and trustworthy.

Jul 6, 20266 min read
supply-chain-security (Page 15) — Safeguard Blog