supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
Docker image security fundamentals (quick-start guide)
A practical guide to docker image security: how vulnerabilities hide in base images, common misconfigurations, how scanning works, and a five-step quick-start checklist.
What is DevSecOps? (principles, workflow, tooling)
DevSecOps explained: the principles, CI/CD workflow, and scanning tools that build security into every commit instead of bolting it on at release.
What is Phishing
Phishing drives more breaches than any other attack vector. Here's how it works, how it hits software supply chains, and how to defend against it.
CI/CD security and compliance integration
How CI/CD pipelines became the top supply chain attack surface, where scan-only tools like Anchore fall short on compliance evidence, and how Safeguard unifies both.
What is Social Engineering
Social engineering causes 68% of breaches per Verizon's 2024 DBIR. Learn how it works, common attack types, and how it threatens the software supply chain.
Open source dependency scanning (OSS composition risk)
Open source dependency scanning has moved from periodic audits to a CI/CD gate. Here's how it works, where Anchore fits, and where Safeguard differs.
What is Malware
Malware now hides in open source packages and CI pipelines, not just email attachments. Here's what it is, how it spreads, and how to catch it early.
What is Ransomware
Ransomware costs organizations $2.73M on average to recover from. Learn how it works, its top infection vectors, and how to defend against it.
What is Zip Slip Vulnerability
Zip Slip lets attackers escape archive extraction via path traversal to overwrite files and gain code execution. Here's how it works and how to stop it.
What is Prototype Pollution
Prototype pollution lets attackers corrupt Object.prototype via unsafe merges, turning a data bug in lodash, jQuery, or minimist into RCE.
Software Supply Chain Security News: How to Actually Track It
Software supply chain security news moves across a dozen disconnected sources — registries, CVE feeds, vendor blogs — here's a repeatable system for not missing the one that hits you.
EU AI Act and ISO 42001: how the two frameworks interact
How the EU AI Act's binding rules and ISO 42001's voluntary AIMS overlap, and how supply-chain evidence closes gaps generic GRC tools can't.