Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1053 articles

Compliance

Best compliance management software/tools

Sprinto automates org-wide compliance evidence; Safeguard proves what's inside your software. Here's how the two approaches differ on verifiable ground.

Mar 6, 20267 min read
Industry Analysis

Software Supply Chain Security Market Map 2026

A senior-analyst market map of software supply chain security in 2026: the vendor categories that consolidated, the ones that splintered, and where the budget actually lands.

Mar 6, 20269 min read
Software Supply Chain Security

What is an Attestation (Software Security)

Software attestations are signed, verifiable proofs of how code was built and secured — now a legal requirement for US federal software vendors since March 2024.

Mar 5, 20267 min read
Container Security

Cosign container signing

What is Cosign? A precise look at how this Sigstore tool signs and verifies container images, keyless signing, and how it compares to Notary v2.

Mar 4, 20267 min read
AI Security

What is LLM Jailbreaking

LLM jailbreaking bypasses AI safety guardrails through techniques like DAN prompts, Crescendo, and Skeleton Key — here's how it works and how to defend against it.

Mar 4, 20266 min read
AI Security

What is AI Model Supply Chain Security

Model weights are executable artifacts, not data. Here's how AI model supply chain attacks work, from pickle exploits to weight tampering, and how to stop them.

Mar 4, 20267 min read
AI Security

What is Model Context Protocol (MCP) Security

MCP security explained: how tool poisoning, rug pulls, and 2025's critical CVEs (mcp-remote, MCP Inspector) put AI agents at risk—and how to defend against them.

Mar 3, 20267 min read
Open Source Security

Typosquatting packages

What is typosquatting? A precise breakdown of package typosquatting attacks, real npm and PyPI examples, and how lookalike malicious packages slip into builds.

Mar 3, 20266 min read
AI Security

What is AI Agent Security

AI agent security explained: how autonomous AI agents get attacked through prompt injection, tool poisoning, and exposed MCP servers, and how to stop it.

Mar 3, 20267 min read
AI Security

What is Vibe Coding (and Its Security Risks)

Vibe coding lets AI write entire apps from a prompt with little human review — here's what it is, real incidents it's caused, and how to detect the risk.

Mar 3, 20267 min read
Identity Security

OIDC (OpenID Connect)

A precise technical answer to "what is OIDC": how OpenID Connect extends OAuth 2.0 with ID tokens, federated identity, and token exchange to secure modern authentication.

Mar 1, 20267 min read
Identity Security

Workload identity federation

What is workload identity federation? A precise breakdown of keyless cloud authentication, GitHub Actions OIDC, and short-lived credentials replacing static API keys.

Mar 1, 20268 min read
supply-chain-security (Page 42) — Safeguard Blog