supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
Heartbleed OpenSSL memory disclosure (CVE-2014-0160)
Heartbleed (CVE-2014-0160) let attackers silently read server memory over TLS. Here's the impact, timeline, remediation, and how to detect lingering exposure today.
Setting up OIDC federation between GitHub Actions and AWS...
A step-by-step guide to setting up AWS OIDC GitHub Actions federation, from IAM provider setup to scoped trust policies, so CI/CD pipelines never need long-lived AWS keys.
Common AWS IAM misconfigurations that lead to breaches
Capital One and Code Spaces both fell to AWS IAM misconfigurations, not novel exploits. Here's how overly permissive policies and privilege escalation paths cause real breaches.
ProxyLogon Microsoft Exchange RCE chain (CVE-2021-26855)
A deep dive into ProxyLogon (CVE-2021-26855 and chain): the unauthenticated Exchange RCE that enabled HAFNIUM and mass ransomware attacks.
Scanning Azure Container Registry images for vulnerabilities
A step-by-step guide to enabling Azure Container Registry vulnerability scanning with Microsoft Defender for Containers, plus troubleshooting and gating deployments on scan results.
Using Azure AD Workload Identity Federation to remove sec...
How Azure Workload Identity Federation lets AKS and CI workloads swap Azure AD access tokens without ever storing a client secret—and how to migrate safely.
Designing least-privilege custom roles with Azure RBAC
A practical guide to designing least-privilege custom roles in Azure RBAC, covering over-permissioning pitfalls, scoping, and audit strategies.
HTTP/2 Rapid Reset DDoS technique (CVE-2023-44487)
CVE-2023-44487 (HTTP/2 Rapid Reset) fueled record DDoS attacks by abusing stream resets. Here's the impact, timeline, and how to remediate it.
Securing Azure DevOps pipelines against supply chain comp...
Pipelines now hold more privilege than the apps they build. Here's how Azure DevOps pipeline security actually breaks down—and how to close the gaps.
How a Fortune 500 Bank Ran Its SBOM Program
An anonymized look at how a Fortune 500 financial services firm operationalized an enterprise SBOM program using Safeguard across 4,200 applications.
OpenSSH forwarded ssh-agent RCE (CVE-2023-38408)
CVE-2023-38408 lets a malicious SSH server hijack a forwarded ssh-agent to run code on the client. Impact, affected versions, and fixes.
5 Software Supply Chain Security Trends Defining 2026
From AI-generated code risks to regulatory enforcement, these are the supply chain security trends that will shape the year ahead.