Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1053 articles

Compliance

EU Cyber Resilience Act: Your SBOM Obligations

The EU Cyber Resilience Act makes SBOMs a legal requirement for products with digital elements sold in Europe. Here is what the regulation actually demands, when the deadlines hit, and how to prepare.

Feb 12, 20266 min read
Supply Chain

PyPI Security: Malware Campaigns and How to Defend

The Python Package Index has become a first-class malware channel — from the ctx hijack to the ultralytics pipeline compromise. Here are the campaigns worth studying and the defenses that work.

Feb 12, 20266 min read
Industry Analysis

How to set up a bastion host for secure SSH access

A step-by-step guide to set up bastion host SSH access on AWS, with ProxyJump configs, security group rules, and a verification checklist for hardened jump box access.

Feb 12, 20267 min read
Containers

OSS Container Security: What Changes With Open-Source Base Images

Open-source base images change your patch cadence, your license exposure, and your provenance story — here's what OSS container security actually adds on top of standard image hardening.

Feb 11, 20265 min read
Supply Chain

Open Source Vulnerability Management Tools, Compared

OSV-Scanner, Trivy, Grype, and Dependency-Check all find known CVEs for free, but they differ sharply in language coverage, database freshness, and how far they get you toward an actual fix.

Feb 11, 20266 min read
Vulnerability Analysis

The SolarWinds Supply Chain Attack Explained

How Russian intelligence hijacked SolarWinds' build system to backdoor Orion updates for 18,000 customers, and what security teams must do now.

Feb 11, 20267 min read
Vulnerability Analysis

The XZ Utils Backdoor Explained

A trusted maintainer, years of quiet social engineering, and one hidden SSH backdoor: how CVE-2024-3094 nearly compromised the global Linux supply chain.

Feb 11, 20268 min read
Vulnerability Management

How to configure Nessus for vulnerability scanning

A step-by-step guide to installing Nessus, building scan policies, defining safe targets, and validating results — plus where supply chain risk starts beyond the network scan.

Feb 11, 20267 min read
Vulnerability Analysis

The Codecov Supply Chain Attack Explained

A breakdown of the 2021 Codecov breach: how the Bash Uploader was compromised, what CI secrets were exposed, and the remediation steps teams need now.

Feb 10, 20268 min read
Vulnerability Analysis

The Kaseya VSA Ransomware Attack Explained

A deep dive into the 2021 Kaseya VSA supply chain ransomware attack: the CVE chain, CVSS/KEV context, full timeline, and remediation steps.

Feb 10, 20268 min read
Vulnerability Analysis

The left-pad npm Incident Explained

No CVE, no CVSS — just one unpublished package that broke the internet's build pipelines. Here's what left-pad still teaches security teams.

Feb 9, 20268 min read
Incident Analysis

How to build a disaster recovery and backup strategy

A step-by-step guide to building a disaster recovery backup strategy: RTO/RPO planning, backup architecture, automation, a DR plan checklist, and testing.

Feb 9, 20267 min read
supply-chain-security (Page 46) — Safeguard Blog