supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
Choosing between Key Vault access policies and RBAC permi...
Access policies or RBAC? A concrete breakdown of Azure Key Vault's two permission models, when each still makes sense, and how to migrate safely.
Signing container images and generating SBOMs in Azure pi...
A practical walkthrough for Azure container image signing with Notation and ACR content trust, plus generating SBOMs inside Azure DevOps pipelines.
Configuring soft delete and purge protection for Azure Ke...
A step-by-step guide to enabling Key Vault soft delete and purge protection, recovering deleted secrets, and applying backup practices to prevent permanent data loss.
CurveBall Windows CryptoAPI spoofing flaw (CVE-2020-0601)
CVE-2020-0601 (CurveBall) let attackers spoof trusted certificates via a Windows CryptoAPI flaw. Impact, timeline, and remediation steps inside.
Preventing and detecting Azure service principal credenti...
How Azure service principal secrets leak through repos, pipelines, and IaC state files — and the detection, scoping, and rotation practices that stop a leak from becoming a breach.
Trojan Source Unicode bidi-override attack (CVE-2021-42574)
CVE-2021-42574 (Trojan Source) lets Unicode bidi control characters hide malicious logic in plain sight during code review. Here's the full breakdown and fix.
Security best practices for Azure Container Apps and secr...
A step-by-step guide to Azure Container Apps security best practices: managed identity, Key Vault-backed secrets, network ingress, and supply chain hardening.
OpenSSL punycode buffer overflow pair (CVE-2022-3602 / CVE-2022-3786)
A deep dive into CVE-2022-3602 and CVE-2022-3786, the OpenSSL punycode buffer overflow pair once dubbed "Heartbleed 2.0" — impact, timeline, and fixes.
MOVEit Transfer SQL injection mass-exploitation (CVE-2023-34362)
CVE-2023-34362, the MOVEit Transfer SQL injection exploited by Cl0p, hit 2,600+ organizations. Impact, timeline, and remediation steps inside.
Hardening Google Kubernetes Engine clusters against attacks
A step-by-step guide to GKE security best practices: private clusters, Workload Identity, Shielded Nodes, Binary Authorization, and verification checks for real audits.
systeminformation npm package command injection (CVE-2021-21315)
A critical command injection flaw in the systeminformation npm package (CVE-2021-21315) let attackers run OS commands via unsanitized shell calls. Here's the full breakdown.
lodash defaultsDeep prototype pollution (CVE-2019-10744)
A critical prototype pollution flaw in lodash's defaultsDeep (CVE-2019-10744) lets attackers corrupt Object.prototype. Here's the impact and how to fix it.