supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
ISO 27001 certification: complete guide and requirements
ISO 27001 requirements explained: the 93 Annex A controls, clause structure, audit timeline, and where supply chain security controls fit into certification.
What is IAM (Identity and Access Management)
IAM defines who and what can access your systems, and getting it wrong is a root cause behind breaches at Capital One, Toyota, Uber, and CircleCI.
What is the Principle of Least Privilege
The principle of least privilege limits every user and system to only the access it needs. Here's how it works and why it matters for cloud security.
What is Zero Trust Security
Zero trust means never trusting a user, device, or workload by default. Here's what NIST 800-207 actually requires, why it applies to supply chains too.
Automating Third-Party Risk Assessment: Moving Beyond Spreadsheets and Questionnaires
Why manual vendor risk assessments are failing, and how automation is reshaping third-party risk management for software supply chains.
What is Terraform Security
Terraform security means finding and fixing risks in IaC code, state files, and providers before they become live cloud misconfigurations.
PyPI Malware in 2026: What Changed
PyPI malware today looks less like typosquats and more like AI-assisted campaigns that mimic legitimate maintainers — here's what shifted and how teams are catching it before install.
What is GitOps Security
GitOps turns your Git repo into the source of truth for production, so one bad commit or stolen credential can mean a full cluster takeover.
SOC 2 readiness assessment guide plus free checklist
A practical SOC 2 readiness assessment guide with a free checklist covering timelines, costs, and the supply chain evidence gaps generic GRC tools like Secureframe miss.
Software Signing and Code Integrity in 2026: The Practical State of Play
Where software signing stands today, what Sigstore and friends changed, and why most organizations still ship unsigned artifacts.
What is Continuous Security
Continuous security scans code, dependencies, containers, and infra on every commit — not once a quarter. Here's how it works and why it replaced periodic audits.
What is CI/CD Pipeline Poisoning
CI/CD pipeline poisoning lets attackers hijack your build automation to steal secrets and plant backdoors. Here's how it works and how to stop it.