Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1053 articles

Cloud Security

Choosing between Key Vault access policies and RBAC permi...

Access policies or RBAC? A concrete breakdown of Azure Key Vault's two permission models, when each still makes sense, and how to migrate safely.

Jan 15, 20267 min read
DevSecOps

Signing container images and generating SBOMs in Azure pi...

A practical walkthrough for Azure container image signing with Notation and ACR content trust, plus generating SBOMs inside Azure DevOps pipelines.

Jan 15, 20267 min read
Cloud Security

Configuring soft delete and purge protection for Azure Ke...

A step-by-step guide to enabling Key Vault soft delete and purge protection, recovering deleted secrets, and applying backup practices to prevent permanent data loss.

Jan 14, 20268 min read
Vulnerability Analysis

CurveBall Windows CryptoAPI spoofing flaw (CVE-2020-0601)

CVE-2020-0601 (CurveBall) let attackers spoof trusted certificates via a Windows CryptoAPI flaw. Impact, timeline, and remediation steps inside.

Jan 14, 20268 min read
Cloud Security

Preventing and detecting Azure service principal credenti...

How Azure service principal secrets leak through repos, pipelines, and IaC state files — and the detection, scoping, and rotation practices that stop a leak from becoming a breach.

Jan 14, 20267 min read
Vulnerability Analysis

Trojan Source Unicode bidi-override attack (CVE-2021-42574)

CVE-2021-42574 (Trojan Source) lets Unicode bidi control characters hide malicious logic in plain sight during code review. Here's the full breakdown and fix.

Jan 13, 20267 min read
Container Security

Security best practices for Azure Container Apps and secr...

A step-by-step guide to Azure Container Apps security best practices: managed identity, Key Vault-backed secrets, network ingress, and supply chain hardening.

Jan 13, 20267 min read
Vulnerability Analysis

OpenSSL punycode buffer overflow pair (CVE-2022-3602 / CVE-2022-3786)

A deep dive into CVE-2022-3602 and CVE-2022-3786, the OpenSSL punycode buffer overflow pair once dubbed "Heartbleed 2.0" — impact, timeline, and fixes.

Jan 13, 20265 min read
Vulnerability Analysis

MOVEit Transfer SQL injection mass-exploitation (CVE-2023-34362)

CVE-2023-34362, the MOVEit Transfer SQL injection exploited by Cl0p, hit 2,600+ organizations. Impact, timeline, and remediation steps inside.

Jan 13, 20267 min read
Container Security

Hardening Google Kubernetes Engine clusters against attacks

A step-by-step guide to GKE security best practices: private clusters, Workload Identity, Shielded Nodes, Binary Authorization, and verification checks for real audits.

Jan 13, 20267 min read
Vulnerability Analysis

systeminformation npm package command injection (CVE-2021-21315)

A critical command injection flaw in the systeminformation npm package (CVE-2021-21315) let attackers run OS commands via unsanitized shell calls. Here's the full breakdown.

Jan 12, 20268 min read
Vulnerability Analysis

lodash defaultsDeep prototype pollution (CVE-2019-10744)

A critical prototype pollution flaw in lodash's defaultsDeep (CVE-2019-10744) lets attackers corrupt Object.prototype. Here's the impact and how to fix it.

Jan 12, 20268 min read
supply-chain-security (Page 52) — Safeguard Blog