supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
What is a Software License
A software license governs how open source code can be used, modified, and redistributed — and license conflicts now carry real contract-law risk, as the Vizio GPL case shows.
How to set up an incident response plan
A practical guide to building an incident response plan for software supply chain security, with a ready-to-use playbook template and concrete detection steps.
How to configure DNSSEC
A practical, command-by-command guide to configure DNSSEC on managed and self-hosted DNS, verify the chain of trust, and prevent DNS spoofing across your supply chain.
How to set up SPF, DKIM, and DMARC for email security
A step-by-step guide to setting up SPF, DKIM, and DMARC records to stop email spoofing and secure your domain sending reputation.
How to set up endpoint detection and response (EDR)
A step-by-step guide to setting up EDR across your fleet: choosing a platform, deploying agents, tuning policies, and verifying coverage before an incident tests it for you.
Using cargo-audit and the RustSec Advisory Database to ca...
A hands-on cargo-audit tutorial: scan Rust dependencies against the RustSec advisory database, interpret results, and block vulnerable crates before they ship.
What is a Trust Boundary
A trust boundary is where data crosses into a higher-privilege context and must be verified. Learn where they hide and how breaches like Log4Shell exploited them.
Anatomy of a Go module supply chain compromise: lessons f...
Real incidents like the xz-utils backdoor reveal the anatomy of a go module supply chain compromise: maintainer trust, init() execution, and immutable proxy caching.
RubyGems supply chain attacks: gem typosquatting and hija...
A look at RubyGems typosquatting and maintainer takeovers: how malicious Ruby gems slip into the supply chain, and what actually stops them.
Bundler dependency pinning and Gemfile.lock as a supply c...
A step-by-step guide to Gemfile.lock security: pin gems deliberately, enforce ruby lockfile integrity with checksums, and lock down bundle install in CI/CD.
Ruby deserialization vulnerabilities: Marshal.load, YAML....
A decade of Ruby CVEs — from CVE-2013-0156 to CVE-2022-32224 — shows how Marshal.load and YAML.load turn untrusted input into remote code execution.
Case study: RubyGems account takeover incidents and their...
A look at real RubyGems account takeover incidents, including the rest-client hijack, and what they reveal about Ruby supply chain risk.