Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1052 articles

Buyer's Guides

Aikido vs Koi: device/browser protection comparison

Aikido Security and Koi Security solve different layers of risk. Heres how they compare on device/browser protection, and where Safeguard fits in.

May 5, 20268 min read
Best Practices

Reducing false positives in security scanning

Most security scan findings never warrant action. Here's why scanners over-alert, what it costs teams, how Aikido's consolidation approach compares, and what actually cuts false positives.

May 4, 20267 min read
Best Practices

Why EDR and proxy tools won't stop supply chain malware

EDR and network proxies were built to watch endpoints and traffic, not evaluate what a dependency does before it runs — here's why that gap keeps letting supply chain malware through.

May 3, 20268 min read
Vulnerability Analysis

Zip Slip: archive extraction path traversal explained

Zip Slip lets malicious archives write files outside their extraction folder via ../ paths — how it works, real CVEs, and how to detect and fix it.

May 3, 20267 min read
Best Practices

Everybody's shipping code they can't read (AI-generated c...

AI coding assistants ship code fast, but studies show nearly half contains vulnerabilities, hallucinated packages, and leaked secrets nobody reviewed.

May 3, 20267 min read
Vulnerability Analysis

Regular expression DoS in the ms npm package

A ReDoS flaw in the ubiquitous npm package ms (CVE-2015-8315) still surfaces in dependency scans today. Here's the impact, fix, and remediation steps.

May 2, 20267 min read
Vulnerability Analysis

Filesystem takeover vulnerabilities in the npm package manager

How npm and node-tar "filesystem takeover" CVEs let malicious packages overwrite files via symlinks and path traversal during install.

May 1, 20267 min read
Industry Analysis

Infrastructure as Code (IaC) scanning explained

A breakdown of how IaC scanning tools catch cloud misconfigurations before deployment, how Aikido Security's bundled approach compares, and what to look for in 2026.

May 1, 20267 min read
Open Source Security

Patch management strategies for open source dependencies

A practical guide to patch management for open source dependencies: prioritizing by reachability and EPSS, not CVSS alone, and building a repeatable remediation loop.

Apr 30, 20267 min read
Industry Analysis

Open source dependency vulnerability scanning explained

How open source vulnerability scanning works, why false positives plague tools like Aikido, and how reachability and SBOMs cut real triage time.

Apr 30, 20267 min read
Buyer's Guides

Trivy alternatives for container and IaC scanning

Trivy alternatives usually aren't about scanner quality — they're about the backlog, SBOM lifecycle, and compliance work that comes after. Trivy vs Safeguard, feature by feature.

Apr 29, 20267 min read
Application Security

iOS application security best practices

Concrete iOS app security controls—Keychain data protection, ATS, dependency vetting, and privacy manifests—grounded in real CVEs like CocoaPods 2024 and BLASTPASS.

Apr 29, 20267 min read
supply-chain-security (Page 33) — Safeguard Blog