Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Security Guides

Managing Transitive Dependencies: The Vulnerabilities You Didn't Choose

Most dependency risk lives in packages you never installed directly. Here is how transitive dependencies work across ecosystems and how to audit and control them.

Jul 8, 20265 min read
Security Guides

Rust Supply Chain Security: build.rs, Typosquatting, and Auditing crates.io

Rust's borrow checker guarantees memory safety in your code — and nothing about the crates you pull in. A cargo build runs arbitrary code at compile time, before any safe code executes.

Jul 8, 20267 min read
Buyer's Guides

Socket.dev Alternatives in 2026: An Honest Buyer's Guide

A balanced comparison of the leading Socket.dev alternatives in 2026 — Snyk, Endor Labs, Mend, Aikido, Sonatype, and Safeguard — with candid pros, cons, and a framework for choosing.

Jul 8, 20266 min read
AI Security

Integrating AI Tools Without Expanding Your Attack Surface

Stanford researchers found developers using AI coding assistants wrote more security bugs — and felt more confident in them. Here's how to adopt AI safely.

Jul 8, 20268 min read
AI Security

AI-assisted vulnerability remediation patterns: what to verify before you merge

GitHub reports its Copilot Autofix suggestions resolve two-thirds of flagged vulnerabilities with little or no editing — but the other third is where merges go wrong.

Jul 8, 20267 min read
AI Security

The supply-chain and IP risk hiding inside AI coding assistants

GitHub has disclosed that Copilot suggestions match training-set code verbatim about 1% of the time — and a class action over it is still being argued in 2026.

Jul 8, 20267 min read
AI Security

The Security Pitfalls Hiding in AI-Generated Code

A 2021 NYU study found roughly 40% of Copilot completions on security-relevant prompts contained exploitable flaws. Here's a field guide to catching them.

Jul 8, 20266 min read
AI Security

AI Developer Tools: Weighing Productivity Against Security and IP Exposure

NYU found 40% of Copilot-generated code contained exploitable flaws; Samsung banned ChatGPT after three leaks in under 20 days. The productivity math still isn't simple.

Jul 8, 20267 min read
DevSecOps

The AppSec Program Spring-Cleaning Checklist

The xz-utils backdoor sat in a maintainer's commits for over two years before a Postgres developer's slow SSH login exposed it in March 2024. Most AppSec programs never audit for that kind of drift.

Jul 8, 20266 min read
Container Security

Automating container image vulnerability scans in GitHub Actions

A fail-the-build scanning pipeline is a few YAML lines away — but pin the Action wrong and you inherit its supply chain risk too.

Jul 8, 20266 min read
Cloud Security

Automating Security Controls on Google Cloud

Binary Authorization can block every unsigned container from reaching GKE or Cloud Run — but only if your pipeline is wired to sign images the moment they pass scanning.

Jul 8, 20267 min read
Open Source Security

How to publish a secure Python package: signing, SBOMs, and trusted publishing

PyPI enforced two-factor authentication for all users on January 1, 2024 — but 2FA alone doesn't stop a stolen API token. Here's the full secure-publishing stack.

Jul 8, 20267 min read
supply-chain-security (Page 8) — Safeguard Blog