Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Security Guides

Node.js Security Best Practices for 2026

A practical, runtime-aware checklist for hardening Node.js services in 2026 — from the built-in permission model and secure defaults to dependency risk, secrets, and reachability-based triage.

Jul 1, 20266 min read
Security Guides

Ruby Security Best Practices: Deserialization, Injection, and the Gem Supply Chain

Rails is safe by default — until a developer reaches for YAML.load, Kernel#open, or a raw-string query. Here are the Ruby footguns and the gem hygiene that keep them closed.

Jul 1, 20266 min read
Guides

Software Supply Chain Security for Beginners: A Friendly First Guide

New to software supply chain security? This gentle, practical guide explains what it is, why every modern app depends on it, and how to run your very first check today.

Jul 1, 20266 min read
Solutions

Software Supply Chain Security for Financial Services

Banks, insurers, and fintechs now answer to DORA, PCI DSS 4.0, NYDFS 500, and SEC disclosure rules for the software they depend on. Here is what a supply chain security program needs, and how Safeguard delivers it.

Jul 1, 20266 min read
Concepts

The STRIDE Methodology Explained

STRIDE is a threat-modeling mnemonic that turns a blank whiteboard into six specific questions: is this element vulnerable to Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, or Elevation of privilege? Here's how to apply it.

Jul 1, 20267 min read
Solutions

Software Supply Chain Security for CISOs

The CISO does not write the vulnerable dependency, but answers for it to the board, the auditor, and the regulator. Here is how to run a supply chain program that stands up to all three.

Jul 1, 20266 min read
Solutions

Software Supply Chain Security for Engineering Managers

Engineering managers sit where delivery pressure meets inherited risk. Here is how to own dependency security without stalling the roadmap — what to prioritize, which metrics to track, and how to make remediation a normal part of the sprint.

Jul 1, 20267 min read
Solutions

Software Supply Chain Security for Platform Engineers

Platform engineers turn security from a request into a default. Here is how to build supply chain guardrails into the paved road so the secure path is also the fast one.

Jul 1, 20266 min read
Concepts

What Is Secrets Management?

Secrets management is the practice of securely storing, distributing, rotating, and auditing the credentials your software needs to run. Here's how it works, why leaked secrets are a top breach vector, and how to get it right in 2026.

Jul 1, 20267 min read
Concepts

What Is SLSA? Supply-chain Levels for Software Artifacts Explained

SLSA is an open framework of graded security levels for build integrity, letting teams prove how a software artifact was produced. Here's how the Build track levels work and how to reach them.

Jul 1, 20266 min read
Concepts

What Is Threat Modeling?

Threat modeling is the structured practice of asking what can go wrong with a system before you build it, then designing controls to match. Here's the four-question framework, how to run a session, and where it fits supply chain security.

Jul 1, 20267 min read
Software Supply Chain Security

GitHub repo confusion and malware repositories

Fake GitHub repos with forged stars and AI-written READMEs are stealing crypto and credentials. Here's how repo confusion attacks actually work.

Jul 1, 20267 min read
supply-chain-security (Page 21) — Safeguard Blog