Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1053 articles

Industry Analysis

Python Security Explained

How Python's install-time code execution and open PyPI namespace fuel real supply chain attacks — and what actually reduces the risk.

Feb 24, 20267 min read
DevSecOps

GitOps

What is GitOps? A clear definition of the Git-driven deployment model, how it differs from DevOps, and what its security model protects against.

Feb 24, 20268 min read
DevSecOps

Secrets sprawl

What is secrets sprawl? A plain-English breakdown of how API keys and credentials scatter across codebases, and what to do about it.

Feb 24, 20267 min read
Industry Analysis

Ruby Security Explained

Ruby security in one place: the 2019 rest-client hijack, CVE-2022-32224's RCE, RubyGems' MFA mandate, and 2025's credential-stealing gem campaign.

Feb 23, 20267 min read
Industry Analysis

Rust Security Explained

Rust kills most memory-safety bugs, but crates.io supply chain attacks and CVE-2024-24576 prove "written in Rust" isn't a security guarantee.

Feb 22, 20266 min read
Container Security

Container escape

A container escape lets attackers break out of a container into the host or other workloads. Learn how these attacks work, real CVEs, and Kubernetes risk.

Feb 22, 20267 min read
Cloud Security

How to rotate AWS IAM access keys

A step-by-step guide to safely rotate AWS IAM access keys with zero downtime, plus how to turn it into a lasting credential rotation policy.

Feb 21, 20267 min read
Tools

Open Source Static Code Analysis Tools

Open source static code analysis tools like Semgrep, CodeQL, and Bandit catch real bugs -- but miss supply-chain flaws like Log4Shell entirely.

Feb 20, 20268 min read
Container Security

How to scan container images for vulnerabilities with Trivy

Learn how to scan container images with Trivy: install it, run your first scan, filter by severity, and gate builds automatically in CI/CD pipelines.

Feb 19, 20267 min read
Supply Chain

Blocking Malicious Packages at the Proxy Level With Artifactory

Once a compromised dependency reaches a laptop or CI runner, you are doing incident response. Blocked at the Artifactory proxy, it is a log line. Here is the configuration that makes that happen.

Feb 18, 20266 min read
Cloud Security

Cloud Supply Chain Security Across AWS, Azure, and GCP

Each major cloud provider approaches supply chain security differently. Here's a practical comparison and what it means for multi-cloud organizations.

Feb 18, 20266 min read
Container Security

Signing Container Images: Cosign, Notary, and Why It Matters

Signing container images cryptographically proves an image came from a trusted build and hasn't been tampered with since — here's how Cosign and Notary do it, and why registries alone can't guarantee that.

Feb 18, 20266 min read
supply-chain-security (Page 44) — Safeguard Blog