Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Concepts

Threat Modeling for Developers

Threat modeling doesn't have to be a heavyweight ceremony run by a separate security team. Here's how developers can fold lightweight, per-feature threat modeling directly into pull requests and sprint work.

Jul 2, 20267 min read
Concepts

What Is Defense in Depth in Security?

Defense in depth is a layered security strategy that assumes any single control will eventually fail, so it stacks independent safeguards to slow and stop attackers. Here's how the model works and how it maps to the software supply chain.

Jul 2, 20266 min read
FAQ

What Is Safeguard? Common Questions Answered

A beginner-friendly FAQ explaining what Safeguard is, who it is for, what it protects against, and how it compares to the tools teams already use.

Jul 2, 20264 min read
Buyer's Guides

What GitHub Advanced Security actually includes now that ...

GitHub split Advanced Security into Secret Protection and Code Security in April 2025. Here's what each product covers, what it costs, and where the gaps still are.

Jul 2, 20267 min read
Application Security

GitHub Secret Protection deep dive: push protection, cust...

How GitHub Secret Protection's push protection, custom patterns, and validity checks actually work post-GHAS split, and where the coverage gaps still leave secrets exposed.

Jul 2, 20267 min read
DevSecOps

CI/CD Pipeline Security Best Practices for 2026

Your build pipeline is production-adjacent infrastructure with credentials to everything. Here are the CI/CD security practices — mapped to the OWASP Top 10 CI/CD risks — that actually close the gaps attackers use.

Jul 1, 20265 min read
Concepts

Attack Surface Reduction: A Practical Guide

Attack surface reduction is the discipline of removing every input, interface, and privilege an attacker could reach that your system does not actually need. Here's how to inventory, shrink, and keep it small.

Jul 1, 20267 min read
DevSecOps

DevSecOps Best Practices: A 2026 Implementation Guide

A practical, opinionated guide to the DevSecOps practices that actually reduce risk in 2026 — from shifting left correctly to policy gates, reachability, and measurable ownership.

Jul 1, 20266 min read
Security Guides

.NET Security Best Practices for 2026

A practical .NET security playbook covering dependency risk, deserialization, secrets, cryptography, and CI/CD hardening, with the config flags and CVEs that make each control real.

Jul 1, 20267 min read
Security Guides

Go Security Best Practices: A 2026 Field Guide for Backend Teams

Go ships secure defaults most other languages lack — but its supply chain, concurrency model, and cgo edges still leak real vulnerabilities. Here are the practices that actually move the needle.

Jul 1, 20268 min read
Container Security

Helm Chart Security Best Practices

Helm charts template every RBAC binding, image reference, and secret your cluster runs. Here is how to harden charts, verify provenance, and stop a templating tool from quietly shipping cluster-admin.

Jul 1, 20266 min read
Compliance

NIS2 Directive explained: the software and supply-chain obligations

NIS2 rewired EU cybersecurity law around supply-chain security, vulnerability handling, and 24-hour incident reporting. Here is who is in scope and what your software teams now have to prove.

Jul 1, 20267 min read
supply-chain-security (Page 20) — Safeguard Blog