supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
Best compliance management software/tools
Sprinto automates org-wide compliance evidence; Safeguard proves what's inside your software. Here's how the two approaches differ on verifiable ground.
Software Supply Chain Security Market Map 2026
A senior-analyst market map of software supply chain security in 2026: the vendor categories that consolidated, the ones that splintered, and where the budget actually lands.
What is an Attestation (Software Security)
Software attestations are signed, verifiable proofs of how code was built and secured — now a legal requirement for US federal software vendors since March 2024.
Cosign container signing
What is Cosign? A precise look at how this Sigstore tool signs and verifies container images, keyless signing, and how it compares to Notary v2.
What is LLM Jailbreaking
LLM jailbreaking bypasses AI safety guardrails through techniques like DAN prompts, Crescendo, and Skeleton Key — here's how it works and how to defend against it.
What is AI Model Supply Chain Security
Model weights are executable artifacts, not data. Here's how AI model supply chain attacks work, from pickle exploits to weight tampering, and how to stop them.
What is Model Context Protocol (MCP) Security
MCP security explained: how tool poisoning, rug pulls, and 2025's critical CVEs (mcp-remote, MCP Inspector) put AI agents at risk—and how to defend against them.
Typosquatting packages
What is typosquatting? A precise breakdown of package typosquatting attacks, real npm and PyPI examples, and how lookalike malicious packages slip into builds.
What is AI Agent Security
AI agent security explained: how autonomous AI agents get attacked through prompt injection, tool poisoning, and exposed MCP servers, and how to stop it.
What is Vibe Coding (and Its Security Risks)
Vibe coding lets AI write entire apps from a prompt with little human review — here's what it is, real incidents it's caused, and how to detect the risk.
OIDC (OpenID Connect)
A precise technical answer to "what is OIDC": how OpenID Connect extends OAuth 2.0 with ID tokens, federated identity, and token exchange to secure modern authentication.
Workload identity federation
What is workload identity federation? A precise breakdown of keyless cloud authentication, GitHub Actions OIDC, and short-lived credentials replacing static API keys.