Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Buyer's Guides

Sonatype vs JFrog Xray: A Neutral Comparison for 2026

Sonatype and JFrog Xray both secure the software supply chain from the artifact repository outward, but they anchor to different platforms and philosophies. An honest side-by-side, plus a third option.

Jul 5, 20266 min read
Solutions

Software Supply Chain Security for Product Security Teams

Product security teams own the security of what ships and stays shipped. Here is how to embed supply chain controls across the SDLC, run PSIRT for third-party CVEs, and manage security debt in released products without owning every repo yourself.

Jul 5, 20266 min read
Concepts

What Is Sigstore?

Sigstore is an open-source project for signing and verifying software without managing long-lived keys. Here's how Cosign, Fulcio, and Rekor make keyless signing work.

Jul 5, 20266 min read
Security Guides

C++ Security Best Practices: Memory Safety, Hardening Flags, and the C/C++ Supply Chain

Microsoft attributes roughly 70% of its CVEs to memory-safety bugs, and the xz backdoor proved the C/C++ supply chain is a live target. Here is the practical hardening path for code you can't rewrite.

Jul 4, 20266 min read
DevSecOps

Dependency Management Best Practices for Secure Software

Your app is mostly other people's code. A 2026 guide to managing dependencies securely — lockfiles, provenance, SBOMs, update strategy, and reachability — so a bad package doesn't become your breach.

Jul 4, 20265 min read
FAQ

Dependency Management: Frequently Asked Questions

A practical FAQ on managing software dependencies in 2026 — direct vs transitive, lockfiles, semantic versioning, safe updates, dependency confusion, and keeping trees clean.

Jul 4, 20266 min read
Career

How to Get Into Software Supply Chain Security

Software supply chain security is one of the hottest specialties in the field—and one of the least crowded. Here is how students and career-changers can break into it, from the core concepts to a portfolio that stands out.

Jul 4, 20266 min read
Security Guides

NuGet Supply Chain Security: Protecting Your .NET Dependencies

How NuGet supply chain attacks work, from dependency confusion to typosquatting, and the concrete controls, lock files, source mapping, and signing, that lock down your .NET build.

Jul 4, 20265 min read
Concepts

Secure Defaults, Explained

Secure defaults mean the out-of-the-box configuration is the safe one, and weakening it requires a deliberate opt-in. Here's why the default state decides most real-world security outcomes.

Jul 4, 20267 min read
Container Security

Securing Container Registries: From Push to Pull

Your registry is the single point every image passes through — and a favorite target for attackers who want to poison many deployments at once. Here is how to lock it down end to end.

Jul 4, 20265 min read
Solutions

Software Supply Chain Security for Startups

For a startup, supply chain security is less about compliance mandates and more about closing enterprise deals and surviving the incident that could end you. Here is how to get it right with a small team.

Jul 4, 20265 min read
Solutions

Software Supply Chain Security for Compliance Officers

For compliance officers, supply chain security is an evidence problem before it is a technical one. Here is how to map controls to frameworks, keep evidence current, and pass an audit without turning your engineers into a documentation team.

Jul 4, 20266 min read
supply-chain-security (Page 17) — Safeguard Blog