supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
Python Security Explained
How Python's install-time code execution and open PyPI namespace fuel real supply chain attacks — and what actually reduces the risk.
GitOps
What is GitOps? A clear definition of the Git-driven deployment model, how it differs from DevOps, and what its security model protects against.
Secrets sprawl
What is secrets sprawl? A plain-English breakdown of how API keys and credentials scatter across codebases, and what to do about it.
Ruby Security Explained
Ruby security in one place: the 2019 rest-client hijack, CVE-2022-32224's RCE, RubyGems' MFA mandate, and 2025's credential-stealing gem campaign.
Rust Security Explained
Rust kills most memory-safety bugs, but crates.io supply chain attacks and CVE-2024-24576 prove "written in Rust" isn't a security guarantee.
Container escape
A container escape lets attackers break out of a container into the host or other workloads. Learn how these attacks work, real CVEs, and Kubernetes risk.
How to rotate AWS IAM access keys
A step-by-step guide to safely rotate AWS IAM access keys with zero downtime, plus how to turn it into a lasting credential rotation policy.
Open Source Static Code Analysis Tools
Open source static code analysis tools like Semgrep, CodeQL, and Bandit catch real bugs -- but miss supply-chain flaws like Log4Shell entirely.
How to scan container images for vulnerabilities with Trivy
Learn how to scan container images with Trivy: install it, run your first scan, filter by severity, and gate builds automatically in CI/CD pipelines.
Blocking Malicious Packages at the Proxy Level With Artifactory
Once a compromised dependency reaches a laptop or CI runner, you are doing incident response. Blocked at the Artifactory proxy, it is a log line. Here is the configuration that makes that happen.
Cloud Supply Chain Security Across AWS, Azure, and GCP
Each major cloud provider approaches supply chain security differently. Here's a practical comparison and what it means for multi-cloud organizations.
Signing Container Images: Cosign, Notary, and Why It Matters
Signing container images cryptographically proves an image came from a trusted build and hasn't been tampered with since — here's how Cosign and Notary do it, and why registries alone can't guarantee that.