supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1045 articles
What Is Software Provenance?
Software provenance is the verifiable record of where an artifact came from and how it was built. Here's what a provenance record contains, how it is proven, and why it stops build-time tampering.
Zero Trust Architecture, Explained
Zero trust replaces the trusted internal network with a model that verifies every request explicitly, regardless of where it comes from. Here's what it actually means and how to move toward it.
The npm Supply Chain Security Guide
How the npm supply chain actually gets attacked — install scripts, maintainer takeovers, typosquatting, and dependency confusion — and a phased program to defend it from developer laptop to production.
Kotlin Security Best Practices: Beyond Null Safety on the JVM and Android
Null safety is a reliability win, not a security boundary. A Kotlin app inherits every JVM supply-chain CVE and the full Android attack surface — here's what the type system doesn't do for you.
Polyfill.io supply chain domain takeover
How a routine domain sale turned polyfill.io into malware served to 100,000+ sites, and how to catch supply chain takeovers before they ship.
The Principle of Least Privilege, Explained
Least privilege means every user, service, and process gets exactly the access it needs to do its job — and nothing more. Here's why it contains breaches and how to implement it without breaking things.
SBOM (Software Bill of Materials): Frequently Asked Questions
A clear FAQ on software bills of materials in 2026 — what an SBOM is, SPDX vs CycloneDX, NTIA minimum elements, VEX, signing, and how to keep an SBOM continuously accurate.
Secure Design Principles Every Team Should Know
Secure design principles are the durable rules of thumb — least privilege, fail securely, defense in depth, secure defaults — that keep systems safe by construction rather than by patching. Here's the working set and how to apply them.
Software Supply Chain Security for Healthcare
From FDA premarket SBOM requirements to a strengthened HIPAA Security Rule and connected medical devices with decade-long lifecycles, healthcare has a distinct supply chain problem. Here is how to build a program that holds up.
Software Supply Chain Security for Developers
For developers, supply chain security lives or dies in the pull request. Here is how to keep it there: catch real risk early, fix it in minutes, and never lose an afternoon to noise.
Software Supply Chain Security for Security Champions
A security champion is one engineer per team carrying the security conversation. Here is how to be effective at supply chain risk without a security title, a security budget, or a full day to spend on it.
Software Supply Chain Security for SRE Teams
For SRE teams, supply chain risk is a reliability problem — a zero-day in a production image is an incident waiting to page you. Here is how to own runtime posture, gate deploys, and answer 'where does this run?' in minutes instead of days.