supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1053 articles
Managing secrets securely with OCI Vault
A step-by-step guide to OCI Vault secrets management: provisioning, rotation, IAM policies, pipeline integration, and best practices for securing credentials.
Kubernetes kubelet symlink volume mount escape (CVE-2021-25741)
CVE-2021-25741 lets attackers escape subPath volume mounts in Kubernetes kubelet via a symlink race, exposing host files and enabling privilege escalation.
Using OCI resource principal authentication to avoid embe...
A concrete guide to OCI resource principal authentication: how it works, how it differs from instance principals, and how to eliminate static API keys from OCI workloads.
Detecting container threats in OCI with Cloud Guard
How OCI Cloud Guard detects container threats in OKE — detector recipes, responder rules, real blind spots, and where Safeguard adds runtime and supply-chain coverage.
libwebp animated WebP overflow (CVE-2023-5129)
CVE-2023-5129 exposed a critical libwebp heap overflow, then got rejected as a duplicate of CVE-2023-4863 — leaving two CVE trails for one flaw.
Comparing container registry security features across maj...
A practical, no-fluff comparison of ECR vs ACR vs GAR vs OCIR on scanning depth, signing, IAM, and compliance — plus where Harbor fits and how Safeguard unifies them.
minimist prototype pollution (CVE-2020-7598)
A deep dive into CVE-2020-7598, the minimist prototype pollution vulnerability that rippled across the npm ecosystem, with impact, timeline, and remediation steps.
Safeguard v5: One Year In — What We Built, What We Learned
A retrospective on Safeguard v5's first year in production, the features that resonated, and where we're headed next.
Software supply chain security for core banking systems
How core banking system supply chain security failures happen, what they cost, and how SBOMs and vendor risk monitoring keep core banking platforms safe.
protobufjs prototype pollution (CVE-2022-25878)
CVE-2022-25878 is a critical prototype pollution flaw in protobufjs. Here's what's affected, the CVSS/EPSS context, and how to remediate it fast.
lodash property injection via merge functions (CVE-2018-16487)
CVE-2018-16487 let attackers pollute Object.prototype via lodash's merge, mergeWith, and defaultsDeep functions. Here's how it works and how to fix it.
Third-party risk management for fintech SaaS vendors
A practical, step-by-step fintech third-party risk management playbook: vendor discovery, tiering, security review, continuous monitoring, and contract controls.