Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1053 articles

Vulnerability Analysis

Heartbleed OpenSSL memory disclosure (CVE-2014-0160)

Heartbleed (CVE-2014-0160) let attackers silently read server memory over TLS. Here's the impact, timeline, remediation, and how to detect lingering exposure today.

Jan 19, 20268 min read
Cloud Security

Setting up OIDC federation between GitHub Actions and AWS...

A step-by-step guide to setting up AWS OIDC GitHub Actions federation, from IAM provider setup to scoped trust policies, so CI/CD pipelines never need long-lived AWS keys.

Jan 17, 20267 min read
Cloud Security

Common AWS IAM misconfigurations that lead to breaches

Capital One and Code Spaces both fell to AWS IAM misconfigurations, not novel exploits. Here's how overly permissive policies and privilege escalation paths cause real breaches.

Jan 17, 20268 min read
Vulnerability Analysis

ProxyLogon Microsoft Exchange RCE chain (CVE-2021-26855)

A deep dive into ProxyLogon (CVE-2021-26855 and chain): the unauthenticated Exchange RCE that enabled HAFNIUM and mass ransomware attacks.

Jan 17, 20267 min read
Container Security

Scanning Azure Container Registry images for vulnerabilities

A step-by-step guide to enabling Azure Container Registry vulnerability scanning with Microsoft Defender for Containers, plus troubleshooting and gating deployments on scan results.

Jan 17, 20268 min read
Cloud Security

Using Azure AD Workload Identity Federation to remove sec...

How Azure Workload Identity Federation lets AKS and CI workloads swap Azure AD access tokens without ever storing a client secret—and how to migrate safely.

Jan 16, 20267 min read
Cloud Security

Designing least-privilege custom roles with Azure RBAC

A practical guide to designing least-privilege custom roles in Azure RBAC, covering over-permissioning pitfalls, scoping, and audit strategies.

Jan 16, 20267 min read
Vulnerability Analysis

HTTP/2 Rapid Reset DDoS technique (CVE-2023-44487)

CVE-2023-44487 (HTTP/2 Rapid Reset) fueled record DDoS attacks by abusing stream resets. Here's the impact, timeline, and how to remediate it.

Jan 16, 20267 min read
DevSecOps

Securing Azure DevOps pipelines against supply chain comp...

Pipelines now hold more privilege than the apps they build. Here's how Azure DevOps pipeline security actually breaks down—and how to close the gaps.

Jan 16, 20267 min read
Case Studies

How a Fortune 500 Bank Ran Its SBOM Program

An anonymized look at how a Fortune 500 financial services firm operationalized an enterprise SBOM program using Safeguard across 4,200 applications.

Jan 15, 20267 min read
Vulnerability Analysis

OpenSSH forwarded ssh-agent RCE (CVE-2023-38408)

CVE-2023-38408 lets a malicious SSH server hijack a forwarded ssh-agent to run code on the client. Impact, affected versions, and fixes.

Jan 15, 20267 min read
Industry Analysis

5 Software Supply Chain Security Trends Defining 2026

From AI-generated code risks to regulatory enforcement, these are the supply chain security trends that will shape the year ahead.

Jan 15, 20266 min read
supply-chain-security (Page 51) — Safeguard Blog