Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1052 articles

Threat Intelligence

Typosquatting across package registries (npm, Go, PyPI)

Typosquatting has infected npm, PyPI, and now Go modules. We break down real attacks like crossenv and colourama, how Socket.dev detects them, and where the gaps remain.

May 9, 20267 min read
Product

npm/package health and quality scoring methodology

How npm package health scores are calculated, why Socket.dev's model misses live supply chain attacks, and what Safeguard checks instead.

May 8, 20267 min read
Product

Real-time threat feed for open source malware detection

Malicious npm and PyPI packages spread in hours, not days. Here's why real-time threat feeds beat periodic scans, and how Safeguard detects supply chain malware before install.

May 8, 20267 min read
Product

Blocking malicious installs with a dependency firewall

How a dependency firewall stops malicious npm installs before they run, where Socket.dev-style scanners fall short, and how Safeguard closes the gap.

May 8, 20267 min read
Product

Pull-request-level dependency scanning on GitHub

Socket.dev popularized flagging risky dependencies inside GitHub pull requests. Here's how that scanning works, where it falls short, and what closes the gaps.

May 7, 20267 min read
Compliance

Cyber insurance requirements for application security programs

Cyber insurers now require SBOMs, patch SLAs, and audit trails for AppSec programs. Here's what carriers actually ask for and how to pass renewal.

May 7, 20266 min read
AI Security

Security scanning for MCP servers and AI agent tool use

MCP servers give AI agents direct tool access, but most ship unvetted. Here's how security scanning catches tool poisoning and rug-pull attacks.

May 7, 20267 min read
Vulnerability Analysis

Spring4Shell RCE vulnerability explained CVE-2022-22965

CVE-2022-22965 (Spring4Shell) lets attackers achieve unauthenticated RCE on Spring MVC/Tomcat apps. Here's the CVSS/EPSS/KEV data, timeline, and fixes.

May 7, 20267 min read
Vulnerability Analysis

Log4Shell remediation cheat sheet

A practical, no-fluff Log4Shell remediation cheat sheet: affected versions, CVSS/EPSS/KEV context, timeline, and the exact steps to close CVE-2021-44228.

May 6, 20267 min read
Buyer's Guides

Aikido vs Socket: supply chain security comparison

Aikido bundles SAST/DAST/SCA into one ASPM platform; Socket digs into package behavior. Here's where Safeguard's provenance-first approach fits between them.

May 6, 20267 min read
Buyer's Guides

Aikido vs GitGuardian: secrets scanning comparison

Searching "Aikido vs GitGuardian"? Here's how Safeguard's secrets detection, validation, and remediation approach actually compares to Aikido Security.

May 5, 20268 min read
Vulnerability Analysis

The XZ backdoor CVE-2024-3094 deep dive

A technical deep dive into CVE-2024-3094, the XZ Utils/liblzma SSH backdoor: affected versions, severity context, full timeline, and remediation steps.

May 5, 20268 min read
supply-chain-security (Page 32) — Safeguard Blog