Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1053 articles

Container Security

Docker image security fundamentals (quick-start guide)

A practical guide to docker image security: how vulnerabilities hide in base images, common misconfigurations, how scanning works, and a five-step quick-start checklist.

Mar 27, 20268 min read
DevSecOps

What is DevSecOps? (principles, workflow, tooling)

DevSecOps explained: the principles, CI/CD workflow, and scanning tools that build security into every commit instead of bolting it on at release.

Mar 26, 20267 min read
Vulnerability Analysis

What is Phishing

Phishing drives more breaches than any other attack vector. Here's how it works, how it hits software supply chains, and how to defend against it.

Mar 26, 20268 min read
DevSecOps

CI/CD security and compliance integration

How CI/CD pipelines became the top supply chain attack surface, where scan-only tools like Anchore fall short on compliance evidence, and how Safeguard unifies both.

Mar 26, 20267 min read
Vulnerability Analysis

What is Social Engineering

Social engineering causes 68% of breaches per Verizon's 2024 DBIR. Learn how it works, common attack types, and how it threatens the software supply chain.

Mar 25, 20266 min read
Tools

Open source dependency scanning (OSS composition risk)

Open source dependency scanning has moved from periodic audits to a CI/CD gate. Here's how it works, where Anchore fits, and where Safeguard differs.

Mar 25, 20268 min read
Vulnerability Analysis

What is Malware

Malware now hides in open source packages and CI pipelines, not just email attachments. Here's what it is, how it spreads, and how to catch it early.

Mar 25, 20267 min read
Vulnerability Analysis

What is Ransomware

Ransomware costs organizations $2.73M on average to recover from. Learn how it works, its top infection vectors, and how to defend against it.

Mar 25, 20267 min read
Vulnerability Analysis

What is Zip Slip Vulnerability

Zip Slip lets attackers escape archive extraction via path traversal to overwrite files and gain code execution. Here's how it works and how to stop it.

Mar 25, 20266 min read
Vulnerability Analysis

What is Prototype Pollution

Prototype pollution lets attackers corrupt Object.prototype via unsafe merges, turning a data bug in lodash, jQuery, or minimist into RCE.

Mar 24, 20266 min read
Supply Chain

Software Supply Chain Security News: How to Actually Track It

Software supply chain security news moves across a dozen disconnected sources — registries, CVE feeds, vendor blogs — here's a repeatable system for not missing the one that hits you.

Mar 24, 20265 min read
Regulatory Compliance

EU AI Act and ISO 42001: how the two frameworks interact

How the EU AI Act's binding rules and ISO 42001's voluntary AIMS overlap, and how supply-chain evidence closes gaps generic GRC tools can't.

Mar 22, 20268 min read
supply-chain-security (Page 39) — Safeguard Blog