Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Vulnerability Analysis

BuildKit Build-Time Container Teardown Arbitrary File Del...

A malicious Dockerfile can exploit CVE-2024-23652 to make BuildKit delete arbitrary host files during build teardown. Here's what's affected and how to fix it.

Nov 20, 20257 min read
Container Security

The 2019 Docker Hub Database Breach Exposing User Credent...

In April 2019, Docker Hub exposed 190,000 accounts' credentials and GitHub/Bitbucket tokens. Here's what happened, what leaked, and why it still matters for supply chain security.

Nov 19, 20257 min read
Open Source Security

Cloud-native Go services vulnerability landscape

A runc escape trilogy, a gRPC-Go bypass, and a lingering SSH auth flaw reveal how concentrated risk in Go now shapes the cloud native vulnerability landscape.

Nov 19, 20258 min read
Open Source Security

Go standard library CVE trend report

A trend analysis of Go standard library CVEs from HTTP/2 Rapid Reset to crypto/x509 parsing bugs — and why "it's stdlib" is not a safe-harbor assumption.

Nov 19, 20257 min read
Open Source Security

Go module checksum database bypass risks

Go's GOSUMDB checksum verification is meant to be on by default, but Safeguard's research found roughly 1 in 6 CI pipelines quietly disable it.

Nov 18, 20257 min read
Buyer's Guides

Best secrets scanning tools for CI/CD pipelines

A practical, no-hype comparison of secrets scanning tools for CI/CD: what gitleaks, TruffleHog, and GitGuardian catch, and where each one falls short.

Nov 18, 20259 min read
Container Security

Docker Hub malicious image report

Researchers estimate roughly 3% of public Docker Hub images carry malicious payloads. Here's what's inside them, how they spread, and how to defend your pipeline.

Nov 18, 20257 min read
Container Security

Top vulnerable base images on Docker Hub

A look at why Docker Hub's most-pulled base images still ship hundreds of known CVEs, and how reachability analysis cuts the noise down to what's actually exploitable.

Nov 18, 20257 min read
Industry Analysis

Best SLSA-compliant build systems

A fair comparison of SLSA compliant build systems—GitHub Actions, Cloud Build, GitLab, Tekton Chains—with real strengths and limitations for Build Level 3.

Nov 18, 20258 min read
AI Security

Cascading Failures in Multi-Agent AI Architectures

One compromised agent can poison an entire pipeline in seconds. Heres how cascading failures spread through multi-agent AI systems, and how to contain them.

Nov 18, 20257 min read
Container Security

Cryptomining malware hidden in public Docker images

Cryptomining malware keeps resurfacing in public Docker images. Here's how attackers hide miners in plain sight — and how to catch them before they run.

Nov 18, 20257 min read
AI Security

Insecure Inter-Agent Communication in Multi-Agent Systems

Multi-agent AI pipelines pass untrusted content between agents with no authentication or integrity checks. Here's how insecure inter-agent communication opens the door to injection attacks.

Nov 18, 20257 min read
supply-chain-security (Page 64) — Safeguard Blog