Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1053 articles

Application Security

Security concerns of using the Node.js VM module as a sandbox

Node's vm module and vm2 were never a security boundary. Four critical CVEs and a 2023 deprecation prove why untrusted-code sandboxes need real isolation.

Apr 17, 20261 min read
Supply Chain

Open Source Sustainability Is an Attack Surface Problem

Unmaintained, underfunded open source is not just a reliability risk — it is how attackers get in. The xz Utils backdoor proved that maintainer burnout is a security vulnerability with a CVE number.

Apr 16, 20266 min read
Container Security

Container Registry Scanning

How container registry scanning actually works, why Aqua's Trivy isn't enough on its own, what the xz-utils backdoor exposed, and how Safeguard prioritizes findings that matter.

Apr 16, 20268 min read
Container Security

Kubernetes Secrets

Kubernetes Secrets are base64, not encrypted, by default. Here is how they actually leak, why scanners like Aqua fall short, and how to fix it.

Apr 15, 20268 min read
Cloud Security

Software Supply Chain Attacks

Software supply chain attacks like SolarWinds, XZ Utils, and polyfill.io exploit trust, not code. Here's how they work and how Safeguard closes the provenance gap.

Apr 14, 20267 min read
Cloud Security

Repojacking

Aqua Security found nearly 37,000 GitHub repos vulnerable to repojacking, including Google and Lyft. Here's how the attack works and how Safeguard catches it.

Apr 13, 20267 min read
Cloud Security

Container Image Signing

Signing tells you where a container image came from; scanning only tells you what's inside it. Here's how image signing works, how Aqua handles it, and what a complete solution needs.

Apr 13, 20268 min read
Vulnerability Management

MITRE ATT&CK Framework

MITRE ATT&CK maps 200+ attacker techniques, but runtime tools like Aqua only catch supply chain compromise after deployment. Here's the build-time gap and how to close it.

Apr 13, 20267 min read
Cloud Security

Benefits of Cloud Security Posture Management (CSPM)

CSPM cuts breach risk and audit time by catching cloud misconfigurations before attackers do. See the data on cost, MTTR, and where Prisma Cloud falls short.

Apr 11, 20267 min read
Industry Analysis

DSPM Market Size: 2026 guide

DSPM spending is set to grow 25%+ annually through 2026. Here's how the market size breaks down, how Prisma Cloud fits in, and where supply chain security closes the gap.

Apr 11, 20268 min read
Application Security

Web Application Security Risks & Best Practices

Web app flaws like MOVEit and Log4Shell keep causing breaches. Here's what's actually exploitable in 2026, and how to fix it before attackers do.

Apr 10, 20267 min read
Application Security

What is Attack Surface Management

Attack surface management explained: what it covers, how it differs from vulnerability management, and why CISA and Gartner now treat it as core AppSec.

Apr 9, 20266 min read
supply-chain-security (Page 36) — Safeguard Blog