supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
EU Cyber Resilience Act: Your SBOM Obligations
The EU Cyber Resilience Act makes SBOMs a legal requirement for products with digital elements sold in Europe. Here is what the regulation actually demands, when the deadlines hit, and how to prepare.
PyPI Security: Malware Campaigns and How to Defend
The Python Package Index has become a first-class malware channel — from the ctx hijack to the ultralytics pipeline compromise. Here are the campaigns worth studying and the defenses that work.
How to set up a bastion host for secure SSH access
A step-by-step guide to set up bastion host SSH access on AWS, with ProxyJump configs, security group rules, and a verification checklist for hardened jump box access.
OSS Container Security: What Changes With Open-Source Base Images
Open-source base images change your patch cadence, your license exposure, and your provenance story — here's what OSS container security actually adds on top of standard image hardening.
Open Source Vulnerability Management Tools, Compared
OSV-Scanner, Trivy, Grype, and Dependency-Check all find known CVEs for free, but they differ sharply in language coverage, database freshness, and how far they get you toward an actual fix.
The SolarWinds Supply Chain Attack Explained
How Russian intelligence hijacked SolarWinds' build system to backdoor Orion updates for 18,000 customers, and what security teams must do now.
The XZ Utils Backdoor Explained
A trusted maintainer, years of quiet social engineering, and one hidden SSH backdoor: how CVE-2024-3094 nearly compromised the global Linux supply chain.
How to configure Nessus for vulnerability scanning
A step-by-step guide to installing Nessus, building scan policies, defining safe targets, and validating results — plus where supply chain risk starts beyond the network scan.
The Codecov Supply Chain Attack Explained
A breakdown of the 2021 Codecov breach: how the Bash Uploader was compromised, what CI secrets were exposed, and the remediation steps teams need now.
The Kaseya VSA Ransomware Attack Explained
A deep dive into the 2021 Kaseya VSA supply chain ransomware attack: the CVE chain, CVSS/KEV context, full timeline, and remediation steps.
The left-pad npm Incident Explained
No CVE, no CVSS — just one unpublished package that broke the internet's build pipelines. Here's what left-pad still teaches security teams.
How to build a disaster recovery and backup strategy
A step-by-step guide to building a disaster recovery backup strategy: RTO/RPO planning, backup architecture, automation, a DR plan checklist, and testing.