Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Buyer's Guides

Best software provenance verification tools

A practical, no-fluff comparison of software provenance verification tools — Sigstore, in-toto, GitHub Attestations, JFrog, Chainguard, and Kosli — plus what to evaluate before you buy.

Nov 13, 20258 min read
AI Security

LLM Denial of Service Attack Techniques

LLM denial of service attacks exploit sponge prompts, unbounded generation, and denial-of-wallet loops to cripple AI systems without a single exploit.

Nov 13, 20257 min read
Open Source Security

Laravel security vulnerability trends

A data-driven look at recurring Laravel vulnerability patterns — debug-mode RCE, APP_KEY leaks, and Composer supply chain risk — and how to defend against them.

Nov 12, 20258 min read
Buyer's Guides

Best policy-as-code enforcement tools

A practical buyer's guide to policy as code tools -- OPA, Kyverno, Sentinel, Checkov, InSpec, and Styra -- with honest strengths, limits, and evaluation criteria.

Nov 12, 20258 min read
Open Source Security

Cargo crate vulnerability trends report

RustSec advisories rose 38% year-over-year as crates.io passed 195,000 packages. A breakdown of where Cargo's supply-chain risk is concentrated in 2026.

Nov 12, 20257 min read
Buyer's Guides

Best Kubernetes admission control tools

A practical comparison of Kubernetes admission control tools — OPA/Gatekeeper, Kyverno, Kubewarden, Styra, jsPolicy, and Polaris — with real strengths, limits, and evaluation criteria.

Nov 12, 20258 min read
Open Source Security

Malicious Rust crates found on crates.io

Malicious crates keep surfacing on crates.io, from the rustdecimal typosquat to build-script payload attacks. Here's how the pattern works and how to defend against it.

Nov 11, 20257 min read
Open Source Security

RustSec advisory database trend report

RustSec crossed 200 advisories by July 2026, revealing a shift from memory bugs to malicious typosquats, unsound "safe" APIs, and abandoned crates.

Nov 11, 20258 min read
Open Source Security

Typosquatting on crates.io report

Safeguard's research team scanned all of crates.io and flagged 312 likely typosquat candidates — here's what the data shows and how Rust teams should respond.

Nov 10, 20257 min read
Open Source Security

CocoaPods trunk supply chain vulnerability report

Three CocoaPods trunk server flaws sat unpatched for a decade, exposing 1,866 orphaned pods to takeover. Here's what happened and how to defend your dependencies.

Nov 10, 20257 min read
Open Source Security

Swift Package Manager vulnerability trends

Typosquats, thin CVE coverage, and an executable manifest format: inside the Swift Package Manager vulnerability trends security teams can't ignore.

Nov 10, 20257 min read
Open Source Security

Malicious iOS SDKs and CocoaPods report

CocoaPods trunk server CVEs and the SourMint SDK scandal reveal how malicious iOS SDKs and pods slip past App Review for years.

Nov 10, 20257 min read
supply-chain-security (Page 67) — Safeguard Blog