Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Concepts

What Is Software Provenance?

Software provenance is the verifiable record of where an artifact came from and how it was built. Here's what a provenance record contains, how it is proven, and why it stops build-time tampering.

Jul 3, 20266 min read
Concepts

Zero Trust Architecture, Explained

Zero trust replaces the trusted internal network with a model that verifies every request explicitly, regardless of where it comes from. Here's what it actually means and how to move toward it.

Jul 3, 20267 min read
Security Guides

The npm Supply Chain Security Guide

How the npm supply chain actually gets attacked — install scripts, maintainer takeovers, typosquatting, and dependency confusion — and a phased program to defend it from developer laptop to production.

Jul 2, 20265 min read
Security Guides

Kotlin Security Best Practices: Beyond Null Safety on the JVM and Android

Null safety is a reliability win, not a security boundary. A Kotlin app inherits every JVM supply-chain CVE and the full Android attack surface — here's what the type system doesn't do for you.

Jul 2, 20266 min read
Software Supply Chain Security

Polyfill.io supply chain domain takeover

How a routine domain sale turned polyfill.io into malware served to 100,000+ sites, and how to catch supply chain takeovers before they ship.

Jul 2, 20267 min read
Concepts

The Principle of Least Privilege, Explained

Least privilege means every user, service, and process gets exactly the access it needs to do its job — and nothing more. Here's why it contains breaches and how to implement it without breaking things.

Jul 2, 20267 min read
FAQ

SBOM (Software Bill of Materials): Frequently Asked Questions

A clear FAQ on software bills of materials in 2026 — what an SBOM is, SPDX vs CycloneDX, NTIA minimum elements, VEX, signing, and how to keep an SBOM continuously accurate.

Jul 2, 20266 min read
Concepts

Secure Design Principles Every Team Should Know

Secure design principles are the durable rules of thumb — least privilege, fail securely, defense in depth, secure defaults — that keep systems safe by construction rather than by patching. Here's the working set and how to apply them.

Jul 2, 20267 min read
Solutions

Software Supply Chain Security for Healthcare

From FDA premarket SBOM requirements to a strengthened HIPAA Security Rule and connected medical devices with decade-long lifecycles, healthcare has a distinct supply chain problem. Here is how to build a program that holds up.

Jul 2, 20266 min read
Solutions

Software Supply Chain Security for Developers

For developers, supply chain security lives or dies in the pull request. Here is how to keep it there: catch real risk early, fix it in minutes, and never lose an afternoon to noise.

Jul 2, 20266 min read
Solutions

Software Supply Chain Security for Security Champions

A security champion is one engineer per team carrying the security conversation. Here is how to be effective at supply chain risk without a security title, a security budget, or a full day to spend on it.

Jul 2, 20266 min read
Solutions

Software Supply Chain Security for SRE Teams

For SRE teams, supply chain risk is a reliability problem — a zero-day in a production image is an incident waiting to page you. Here is how to own runtime posture, gate deploys, and answer 'where does this run?' in minutes instead of days.

Jul 2, 20266 min read
supply-chain-security (Page 19) — Safeguard Blog