Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Compliance

ISO 27001 and NIST Framework Alignment for Supply Chain V...

How ISO 27001:2022 and NIST's SSDF, SP 800-161, and CSF 2.0 converge on software supply chain vendors—and where CVE-only scanning tools leave compliance gaps.

Jun 6, 20267 min read
Industry Events

Infosecurity Europe 2026 Recap: Agentic AI Security Owned the Floor at ExCeL London

Agentic AI, post-quantum cryptography, and ransomware economics dominated Infosecurity Europe 2026. Here is what actually mattered on the floor at ExCeL London, and what was hype.

Jun 5, 20266 min read
Threat Intelligence

Sonatype Firewall: Malicious Package Protection

Sonatype's Repository Firewall blocks known malicious packages at the door, but timing gaps and single-source blind spots still let real threats through.

Jun 5, 20267 min read
AI Security

LLM output validation and sanitization best practices

LLM output is untrusted input to everything downstream. Here's how to validate, encode, and sandbox it before it becomes your next injection vector.

Jun 5, 20267 min read
AI Security

Zero-day risk in third-party AI model dependencies

Malicious Hugging Face models, a trojanized Ultralytics PyPI release, and a torch.load bypass show AI model dependencies now carry real zero-day risk.

Jun 5, 20266 min read
AI Security

Sonatype Guide: Securing Agentic AI Development

Sonatype's new guide reframes AI dependency risk, but its scanner-based model can't govern agents that install packages and call MCP tools on their own. Here's the gap and how to close it.

Jun 5, 20269 min read
Buyer's Guides

Best Container Scanning Tools in 2026: An Honest Buyer's Guide

An honest guide to the best container scanning tools in 2026 — from open-source scanners like Trivy and Grype to cloud-context platforms like Wiz and Aqua — with clear guidance on which fits your CI/CD pipeline, registry, and runtime.

Jun 4, 20268 min read
Buyer's Guides

Best SCA Tools in 2026: Software Composition Analysis Compared

An honest comparison of the best SCA tools in 2026 — Snyk, Endor Labs, Socket, Mend, Sonatype, JFrog, Trivy, and Safeguard — covering reachability analysis, malicious-package detection, SBOM/AIBOM, and remediation, with a clear best-for line for each.

Jun 3, 20268 min read
SBOM

What Is SLSA (Supply-chain Levels for Software Artifacts)

SLSA verifies how software was built, not just what is inside it. Here is what the four build levels mean and how it differs from SBOM-only tooling.

Jun 2, 20268 min read
Strategy

Post-Quantum Cryptography in 2026: Where Enterprise Migration Actually Stands

The NIST standards are final, the deadlines are real, and the harvest-now-decrypt-later clock is running. Here is an honest look at what enterprise PQC migration looks like in 2026 — and why crypto-agility matters more than picking an algorithm.

Jun 1, 20267 min read
Cloud Security

Container registries explained: Docker Hub vs private/ent...

Docker Hub vs. private/enterprise registries explained, with a look at where JFrog Artifactory fits — and why registry choice alone doesn't solve supply chain security.

May 31, 20268 min read
AI Security

Agentic supply chain security: governing autonomous AI co...

AI coding agents now open PRs, merge code, and touch secrets on their own. Here's why JFrog-style artifact scanning can't govern them, and what can.

May 30, 20267 min read
supply-chain-security (Page 27) — Safeguard Blog