Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Buyer's Guides

Best security champions program and developer training pl...

A practical buyer's guide to security champions program tools — evaluation criteria, six real vendors compared honestly, and how to measure whether training actually reduces vulnerabilities.

Nov 7, 20258 min read
Incident Analysis

jQuery CDN supply chain risk analysis

jQuery loads on ~75% of websites, often via CDNs with no SRI or version pinning. The cdnjs RCE and Polyfill.io hijack show why that trust model keeps failing.

Nov 6, 20258 min read
Buyer's Guides

Best attack surface management (ASM) tools

A practical buyer's guide comparing top attack surface management tools and ASM platforms, with honest strengths, limitations, and evaluation criteria.

Nov 6, 20258 min read
Incident Analysis

XcodeGhost iOS supply chain malware campaign

XcodeGhost hid inside Xcode itself, silently infecting 4,000+ App Store apps like WeChat. Here is how the iOS supply chain malware campaign worked.

Nov 6, 20258 min read
Buyer's Guides

Best security orchestration, automation and response (SOA...

A practical buyer's guide to SOAR tools -- comparing Splunk, Cortex XSOAR, Microsoft Sentinel, Tines, Swimlane, and Torq for automation and incident response.

Nov 6, 20258 min read
Incident Analysis

Docker Hub cryptojacking campaign analysis

Safeguard tracked a six-week Docker Hub cryptojacking campaign using 41 trojanized images, delayed payloads, and base-image laundering to evade scanners.

Nov 5, 20257 min read
Buyer's Guides

Best AI and LLM generated code security scanning tools

An honest buyer's guide to AI generated code security scanning tools: what to evaluate, how six real vendors stack up, and where they fall short.

Nov 5, 20258 min read
Industry Analysis

Missing Rate Limiting on APIs and Login Endpoints

Missing rate limiting turned single APIs into 37-million-record breaches at T-Mobile and Optus. Here's why it happens, how attackers exploit it, and how to catch it first.

Nov 5, 20257 min read
Buyer's Guides

Best container registry vulnerability scanning tools

A practical look at container registry scanning tools — evaluation criteria, six real vendors compared fairly, and how Safeguard closes the supply-chain gaps scanning alone leaves open.

Nov 4, 20258 min read
Open Source Security

Compromise of Legitimate Upstream Packages

From xz-utils to polyfill.io, attackers increasingly compromise packages developers already trust rather than planting fakes. Here's how these attacks work and how Safeguard catches them.

Nov 4, 20257 min read
Open Source Security

Unmaintained Open Source Software: A Supply Chain Risk

Unmaintained open source components quietly power critical software until a bug hits and no one is left to patch it. Here's the risk, and how to manage it.

Nov 3, 20257 min read
Cloud Security

CI/CD pipeline security vulnerability trends

CI/CD pipelines now hold the keys attackers want most. Here's what tj-actions, Ultralytics, and Jenkins CVE-2024-23897 reveal about the trend.

Nov 3, 20257 min read
supply-chain-security (Page 69) — Safeguard Blog