supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1045 articles
Node.js Security Best Practices for 2026
A practical, runtime-aware checklist for hardening Node.js services in 2026 — from the built-in permission model and secure defaults to dependency risk, secrets, and reachability-based triage.
Ruby Security Best Practices: Deserialization, Injection, and the Gem Supply Chain
Rails is safe by default — until a developer reaches for YAML.load, Kernel#open, or a raw-string query. Here are the Ruby footguns and the gem hygiene that keep them closed.
Software Supply Chain Security for Beginners: A Friendly First Guide
New to software supply chain security? This gentle, practical guide explains what it is, why every modern app depends on it, and how to run your very first check today.
Software Supply Chain Security for Financial Services
Banks, insurers, and fintechs now answer to DORA, PCI DSS 4.0, NYDFS 500, and SEC disclosure rules for the software they depend on. Here is what a supply chain security program needs, and how Safeguard delivers it.
The STRIDE Methodology Explained
STRIDE is a threat-modeling mnemonic that turns a blank whiteboard into six specific questions: is this element vulnerable to Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, or Elevation of privilege? Here's how to apply it.
Software Supply Chain Security for CISOs
The CISO does not write the vulnerable dependency, but answers for it to the board, the auditor, and the regulator. Here is how to run a supply chain program that stands up to all three.
Software Supply Chain Security for Engineering Managers
Engineering managers sit where delivery pressure meets inherited risk. Here is how to own dependency security without stalling the roadmap — what to prioritize, which metrics to track, and how to make remediation a normal part of the sprint.
Software Supply Chain Security for Platform Engineers
Platform engineers turn security from a request into a default. Here is how to build supply chain guardrails into the paved road so the secure path is also the fast one.
What Is Secrets Management?
Secrets management is the practice of securely storing, distributing, rotating, and auditing the credentials your software needs to run. Here's how it works, why leaked secrets are a top breach vector, and how to get it right in 2026.
What Is SLSA? Supply-chain Levels for Software Artifacts Explained
SLSA is an open framework of graded security levels for build integrity, letting teams prove how a software artifact was produced. Here's how the Build track levels work and how to reach them.
What Is Threat Modeling?
Threat modeling is the structured practice of asking what can go wrong with a system before you build it, then designing controls to match. Here's the four-question framework, how to run a session, and where it fits supply chain security.
GitHub repo confusion and malware repositories
Fake GitHub repos with forged stars and AI-written READMEs are stealing crypto and credentials. Here's how repo confusion attacks actually work.