supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1052 articles
Aikido vs Koi: device/browser protection comparison
Aikido Security and Koi Security solve different layers of risk. Heres how they compare on device/browser protection, and where Safeguard fits in.
Reducing false positives in security scanning
Most security scan findings never warrant action. Here's why scanners over-alert, what it costs teams, how Aikido's consolidation approach compares, and what actually cuts false positives.
Why EDR and proxy tools won't stop supply chain malware
EDR and network proxies were built to watch endpoints and traffic, not evaluate what a dependency does before it runs — here's why that gap keeps letting supply chain malware through.
Zip Slip: archive extraction path traversal explained
Zip Slip lets malicious archives write files outside their extraction folder via ../ paths — how it works, real CVEs, and how to detect and fix it.
Everybody's shipping code they can't read (AI-generated c...
AI coding assistants ship code fast, but studies show nearly half contains vulnerabilities, hallucinated packages, and leaked secrets nobody reviewed.
Regular expression DoS in the ms npm package
A ReDoS flaw in the ubiquitous npm package ms (CVE-2015-8315) still surfaces in dependency scans today. Here's the impact, fix, and remediation steps.
Filesystem takeover vulnerabilities in the npm package manager
How npm and node-tar "filesystem takeover" CVEs let malicious packages overwrite files via symlinks and path traversal during install.
Infrastructure as Code (IaC) scanning explained
A breakdown of how IaC scanning tools catch cloud misconfigurations before deployment, how Aikido Security's bundled approach compares, and what to look for in 2026.
Patch management strategies for open source dependencies
A practical guide to patch management for open source dependencies: prioritizing by reachability and EPSS, not CVSS alone, and building a repeatable remediation loop.
Open source dependency vulnerability scanning explained
How open source vulnerability scanning works, why false positives plague tools like Aikido, and how reachability and SBOMs cut real triage time.
Trivy alternatives for container and IaC scanning
Trivy alternatives usually aren't about scanner quality — they're about the backlog, SBOM lifecycle, and compliance work that comes after. Trivy vs Safeguard, feature by feature.
iOS application security best practices
Concrete iOS app security controls—Keychain data protection, ATS, dependency vetting, and privacy manifests—grounded in real CVEs like CocoaPods 2024 and BLASTPASS.