supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
SCA Security Tools: A Practical Shortlist
A working shortlist of SCA security tools, what actually differentiates them beyond CVE counts, and how to pick an sca solution that fits your ecosystem.
How to set up DAST scanning in a CI/CD pipeline
A practical guide to building a DAST scanning CI/CD pipeline with OWASP ZAP — setup, integration, rule tuning, and troubleshooting for real deployments.
What is EDR (Endpoint Detection and Response)
What EDR actually detects, how it differs from antivirus, XDR, and MDR, and why supply chain attacks like XZ Utils and 3CX slip past it entirely.
What is SIEM
SIEM explained: how it works, what data feeds it, how it differs from SOAR/XDR, and where reachability-based supply chain security fills its blind spots.
What is Network Segmentation
Network segmentation limits breach blast radius by isolating systems into enforced zones. Learn the types, common mistakes, and how to implement it in hybrid clouds.
What is Incident Response
What incident response actually means, its four NIST phases, and why supply chain attacks like Log4Shell and SolarWinds break traditional response assumptions.
What is a Data Breach
A data breach is unauthorized access to sensitive data. See real causes like MOVEit and Log4Shell, average costs, and how to prevent one.
How to implement zero trust network architecture
A practical, step-by-step guide to implement zero trust network architecture: identity, microsegmentation, posture checks, policy-as-code, and verification.
What is Threat Intelligence
Threat intelligence turns raw indicators into actionable defense. Here's what it actually is, its four types, and how it applies to software supply chains.
What is MITRE ATT&CK
MITRE ATT&CK catalogs real attacker behavior into 14 tactics and 200+ techniques. Here's how it works, how it differs from CVE/CWE, and how to use it.
What is a Kill Chain
What is a cyber kill chain? A staged breakdown of how attacks unfold, from Lockheed Martin's 7 stages to why supply chain attacks break the model.
Open Source Security Management: From Policy to Pipeline
A policy document nobody enforces is theater. Here is how to turn open source rules into pipeline checks that developers can live with.