Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1052 articles

DevSecOps

Building a secure CI/CD pipeline with GitHub Actions

The tj-actions breach exposed secrets in 23,000 repos. Here's how pwn requests, unpinned tags, and self-hosted runners put your CI/CD at risk.

May 18, 20267 min read
Industry Analysis

Exploring vulnerabilities in GitHub Actions workflows

From the tj-actions/changed-files hijack to PyTorch's self-hosted runner breach, real incidents show how GitHub Actions workflows keep getting exploited.

May 17, 20266 min read
DevSecOps

Securing self-hosted GitHub Actions runners

Self-hosted GitHub Actions runners trade GitHub's ephemeral isolation for persistent infrastructure access — here's how real incidents like CVE-2025-30066 exploited that gap.

May 17, 20267 min read
Application Security

Finding and fixing exposed hardcoded secrets in GitHub projects

Hardcoded secrets leak into GitHub every day and get exploited within minutes. Here's how to find, fix, and prevent exposed credentials at scale.

May 16, 20266 min read
Vulnerability Management

Automated Dependency Patches: How Endor-Style Patch Gener...

Endor Labs generates automated dependency patches using reachability and AI rewrites. Here's how the pipeline works, where it breaks, and Safeguard's approach.

May 16, 20267 min read
Vulnerability Management

CVE vs CVSS vs EPSS vs SSVC scoring compared

CVE tells you a flaw exists, CVSS rates severity, EPSS predicts exploitation, and SSVC drives decisions. Here's how Safeguard and Socket.dev use each differently.

May 13, 20268 min read
Compliance

SSO, SCIM, and Vanta integrations for compliance-driven t...

How SSO, SCIM, and native Vanta integration shape audit readiness for supply chain security tools, and where Safeguard's approach differs from Socket.dev's.

May 12, 20267 min read
Compliance

GDPR compliance considerations for application security teams

GDPR's Article 32 doesn't name SAST or SBOM, but fines like Meta's €1.2B and BA's £20m trace straight back to AppSec gaps.

May 12, 20266 min read
Compliance

Does Socket.dev store or upload your source code?

Does Socket.dev see your proprietary source code? Here's how dependency scanners access repos, and where Safeguard draws the compliance line.

May 12, 20267 min read
Compliance

FedRAMP authorization for cloud service providers explained

A concrete walkthrough of FedRAMP authorization for CSPs: impact levels, control counts, timelines, costs, FedRAMP 20x, and continuous monitoring deadlines.

May 11, 20267 min read
Industry Analysis

Malicious postinstall scripts in npm packages

From eslint-scope in 2018 to the 2025 Shai-Hulud worm, npm postinstall scripts keep delivering malware before any scan or review runs. Here's how it works and what stops it.

May 10, 20267 min read
Threat Intelligence

Malicious PyPI packages: common infiltration patterns

Real malicious PyPI package examples — typosquats, dependency confusion, hijacked maintainers, and crypto stealers — and how Safeguard catches them before install.

May 10, 20268 min read
supply-chain-security (Page 31) — Safeguard Blog