supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1052 articles
5 best practices for React with TypeScript security
TypeScript's type system stops at compile time. Five concrete practices — with real CVEs and incidents — for securing React + TypeScript apps against what it misses.
10 GitHub security best practices
10 concrete GitHub security controls—2FA, push protection, branch rules, pinned Actions, SBOM—with real CVEs and dates security teams can act on today.
Cheat sheet: 10 Bitbucket security best practices
A concrete, numbers-first cheat sheet covering the 10 Bitbucket security settings that stop misconfigurations from becoming supply chain breaches.
Communicating security posture to customers/investors via...
How to turn SBOMs into a real vendor-risk communication tool for customers and investors, and where Mend.io's scan-first approach falls short.
Log4j-style incident response using SBOM inventories
How SBOM inventories turned days of Log4Shell triage into minutes-long queries — and why scanner-first tools like Mend.io struggled when every team needed answers at once.
Rust memory safety and its security advantages
Memory safety bugs cause ~70% of Microsoft's CVEs. Here's how Rust's ownership model eliminates them at compile time, with real CVE examples.
Claude, GPT, and Coding Harness Security: Comparing Model...
Claude and GPT both write vulnerable code by default in coding harnesses. Comparing model behavior, then Safeguard's approach versus Endor Labs' reachability-first SCA.
Securing Laravel PHP applications
CVE-2021-3129, leaked APP_KEYs, and Eloquent mass assignment still compromise Laravel apps in 2026 — here's how each attack works and how to close it.
Securing WordPress plugin dependencies
Real CVEs, a supply-chain hack that hit 360,000 sites, and bundled-library blind spots: what WordPress plugin security actually requires in 2026.
Software Supply Chain Security Solutions: A Comparison Framework
A framework for comparing software supply chain security solutions across the four capabilities that matter, SBOM generation, dependency scanning, provenance verification, and CI/CD gating.
Endor Labs vs Safeguard: Reachability-Based SCA Compared
How Endor Labs and Safeguard both use reachability analysis to cut SCA noise, and where their scope and approach to supply chain security diverge.
Reachability Analysis Explained: Function-Level vs Packag...
Package-level reachability flags 60% of CVEs as "reachable." Function-level analysis, tracing real call paths, cuts that to under 10%. Here's the difference.