supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
Compromised npm packages in the React and Next.js build p...
A react npm supply chain incident case study: how a phishing attack on a single maintainer compromised chalk, debug, and other build-pipeline dependencies.
AI Agent Security: 6 Risks Beyond Traditional Controls
Gartner projects a third of enterprise apps will run agentic AI by 2028. Here are six AI agent security risks traditional controls miss.
Maven and Gradle dependency supply chain attacks in the J...
How attackers exploit Maven Central and the Gradle Plugin Portal — dependency confusion, malicious artifacts, and plugin takeovers — and how to defend Java builds.
Agent Security Buyer's Guide Overview
As AI agents gain production write-access across the enterprise, security teams need a rigorous buyer's guide to separate real agent security platforms from repackaged AppSec dashboards.
MCP vs Skills vs Hooks vs Rules Explained
MCP, Skills, hooks, and rules extend AI coding agents in very different ways — two execute code, two only steer behavior. Here's how each one breaks.
How to enable and configure Amazon ECR image scanning for...
A step-by-step guide to enabling AWS ECR image scanning, from basic vs. enhanced scanning and scan-on-push to CI/CD gating, finding triage, and troubleshooting.
Best practices for implementing least-privilege IAM polic...
A practical guide to designing least-privilege IAM policies in AWS: permission boundaries, policy patterns, and habits that keep access tight as teams scale.
Hardening Amazon EKS clusters against common attack paths
A step-by-step guide to EKS security best practices: lock down IAM, enforce pod security standards, segment networks, and verify every control.
What is a CI/CD Secrets Leak
A CI/CD secrets leak exposes real credentials through build logs, forks, or compromised Actions. Here's how it happens and how to stop it.
Signing container images with AWS Signer for supply chain...
A practical walkthrough for signing container images with AWS Signer, verifying them in ECR and EKS, and closing supply chain gaps with cryptographic trust.
Securing AWS CodePipeline and CodeBuild against supply ch...
CodePipeline and CodeBuild sit where code, secrets, and compute converge unattended — here's where supply chain attacks actually enter and how to close the gaps.
How AWS STS temporary credentials reduce long-lived key risk
Long-lived AWS keys sit in code and CI logs for years. AWS STS temporary credentials expire automatically, shrinking the window attackers have to exploit a leak.