Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1052 articles

Application Security

Android application security best practices

A practical, evidence-based guide to Android app security: data storage, network hardening, SDK risk, and CI/CD signing, with concrete CVEs and stats.

Apr 29, 20266 min read
Open Source Security

Securing mobile app dependencies: CocoaPods and Gradle

CocoaPods and Gradle power millions of mobile apps. See how orphaned pods, build-script RCE, and dependency confusion put them at real risk today.

Apr 29, 20267 min read
Container Security

OSS container image scanning tools compared

Trivy finds CVEs fast and free. Safeguard compares how each handles fleet-wide inventory, triage, policy enforcement, and audit evidence at scale.

Apr 29, 20267 min read
DevSecOps

GitHub secret scanning vs dedicated scanning tools

GitHub secret scanning vs Trivy: how push protection, validity checks, and multi-source coverage differ, and where Safeguard fits for cross-repo remediation.

Apr 28, 20267 min read
Application Security

Electron app security best practices

nodeIntegration, contextIsolation, Chromium patch lag, and npm supply chain risk: the Electron security best practices that actually stop RCE.

Apr 28, 20267 min read
Software Supply Chain Security

Securing IoT device firmware supply chains

How Ripple20, Mirai, and Realtek SDK flaws exposed IoT firmware supply chains, what EU CRA and FDA SBOM rules require, and what reachability adds.

Apr 28, 20267 min read
Vulnerability Analysis

How Trivy sources vulnerability data (NVD, vendor advisor...

Trivy's CVE data comes from NVD, GHSA, and distro trackers compiled into a periodic snapshot — not kube-hunter. Here's how the pipeline really works, and where it lags.

Apr 27, 20267 min read
Cloud Security

CNAPP according to Gartner: capabilities and evaluation c...

Gartner's CNAPP framework demands unified risk correlation, not bundled scanners. Here's how Trivy (Aqua) maps to it — and where supply chain security closes the gap.

Apr 27, 20267 min read
Container Security

Container security best practices checklist

A practical container security checklist covering base images, scanning limits, runtime risk, and why CVE scans like Trivy alone miss most real supply chain threats.

Apr 26, 20267 min read
Vulnerability Management

Risk-based vulnerability management explained

Why CVSS severity alone fails to prioritize vulnerabilities, how Trivy's default scoring falls short, and how EPSS, CISA KEV, and reachability data cut remediation backlogs by 95%+.

Apr 24, 20268 min read
Open Source Security

5 risks of open source software in 2026

Open source now makes up most enterprise code. Here are 5 risks defining open source software security in 2026 — and how to close the exploitability gap.

Apr 24, 20267 min read
Industry Analysis

JavaScript frameworks security report

Safeguard's H1 2026 audit finds 61% of JS repos ship a high-severity framework CVE, with a 47-day median patch lag attackers routinely beat.

Apr 24, 20267 min read
supply-chain-security (Page 34) — Safeguard Blog