Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1053 articles

Regulatory Compliance

ISO 27001 certification: complete guide and requirements

ISO 27001 requirements explained: the 93 Annex A controls, clause structure, audit timeline, and where supply chain security controls fit into certification.

Mar 14, 20267 min read
Cloud Security

What is IAM (Identity and Access Management)

IAM defines who and what can access your systems, and getting it wrong is a root cause behind breaches at Capital One, Toyota, Uber, and CircleCI.

Mar 13, 20268 min read
Cloud Security

What is the Principle of Least Privilege

The principle of least privilege limits every user and system to only the access it needs. Here's how it works and why it matters for cloud security.

Mar 13, 20267 min read
Cloud Security

What is Zero Trust Security

Zero trust means never trusting a user, device, or workload by default. Here's what NIST 800-207 actually requires, why it applies to supply chains too.

Mar 13, 20266 min read
Best Practices

Automating Third-Party Risk Assessment: Moving Beyond Spreadsheets and Questionnaires

Why manual vendor risk assessments are failing, and how automation is reshaping third-party risk management for software supply chains.

Mar 12, 20267 min read
Infrastructure Security

What is Terraform Security

Terraform security means finding and fixing risks in IaC code, state files, and providers before they become live cloud misconfigurations.

Mar 12, 20266 min read
Supply Chain

PyPI Malware in 2026: What Changed

PyPI malware today looks less like typosquats and more like AI-assisted campaigns that mimic legitimate maintainers — here's what shifted and how teams are catching it before install.

Mar 11, 20265 min read
Infrastructure Security

What is GitOps Security

GitOps turns your Git repo into the source of truth for production, so one bad commit or stolen credential can mean a full cluster takeover.

Mar 11, 20267 min read
Compliance

SOC 2 readiness assessment guide plus free checklist

A practical SOC 2 readiness assessment guide with a free checklist covering timelines, costs, and the supply chain evidence gaps generic GRC tools like Secureframe miss.

Mar 11, 20267 min read
Industry Trends

Software Signing and Code Integrity in 2026: The Practical State of Play

Where software signing stands today, what Sigstore and friends changed, and why most organizations still ship unsigned artifacts.

Mar 8, 20267 min read
DevSecOps

What is Continuous Security

Continuous security scans code, dependencies, containers, and infra on every commit — not once a quarter. Here's how it works and why it replaced periodic audits.

Mar 8, 20266 min read
DevSecOps

What is CI/CD Pipeline Poisoning

CI/CD pipeline poisoning lets attackers hijack your build automation to steal secrets and plant backdoors. Here's how it works and how to stop it.

Mar 7, 20267 min read
supply-chain-security (Page 41) — Safeguard Blog