Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

AI Security

How Malicious Payloads Get Smuggled Into Trusted AI Skill...

Attackers smuggle malicious payloads into trusted AI skill repositories via typosquats, staged fetches, and split-file obfuscation — here is exactly how it works.

Jul 20, 20258 min read
AI Security

MCP Server Permissions: A Practical Checklist for Reducin...

A practical checklist for scoping MCP server permissions, denying risky defaults, and limiting the blast radius when an AI agent's tool access is exploited.

Jul 20, 20258 min read
DevSecOps

Friction as a Security Metric: Measuring Tool Adoption Fa...

Security tools fail quietly when developers route around them. Here's how to measure friction as a leading indicator of adoption failure before it causes a breach.

Jul 19, 20258 min read
DevSecOps

Policy Bypass Culture: What Happens When Deadlines Beat G...

When deadlines collide with security gates, developers bypass them quietly and often. Here's how policy bypass culture forms, what it costs, and how to stop it.

Jul 18, 20258 min read
Open Source Security

The Quiet Consolidation of SCA, SAST, and Container Scann...

A wave of PE buyouts and platform acquisitions is quietly folding SCA, SAST, and container scanning into fewer, bigger AppSec platforms. Here's what's driving it.

Jul 15, 20258 min read
Application Security

What OpenAI and Anthropic Ecosystem Partnerships Signal A...

OpenAI and Anthropic's expanding ecosystem deals are an AI model vendor security partnership signal AppSec teams can no longer afford to ignore.

Jul 15, 20258 min read
Vulnerability Analysis

The XZ Utils Backdoor: A Timeline and Technical Post-Mortem

A technical post-mortem of CVE-2024-3094, the XZ Utils backdoor: how a trusted maintainer identity was used to plant a supply chain backdoor in sshd.

Jul 13, 20258 min read
Product Launch

Introducing the Safeguard MCP Server: AI-Native Software Supply Chain Security

Safeguard launches its MCP Server, bringing software supply chain security directly into AI-powered development workflows through the Model Context Protocol.

Jul 1, 20255 min read
Governance

Writing an Open Source Software Policy

An open source software policy is what turns ad-hoc dependency choices into a governed, auditable process — here's what to actually put in one.

Jun 17, 20254 min read
Supply Chain

Open Source Code Scanning: Tools and Workflow

Open source code scanning tools can cover most of a small team's needs for free, but the workflow around them — what runs where, and who reviews the output — matters more than which tool you pick.

Jun 17, 20255 min read
Supply Chain

Snyk SBOM Generation: How It Works

How Snyk builds a software bill of materials from a dependency scan, what formats it exports, and where teams still need to fill gaps manually.

Jun 9, 20255 min read
Frameworks

Software Supply Chain Security Maturity: Where Does Your Organization Stand?

Most organizations know they should care about software supply chain security, but few have a structured way to assess their maturity. A practical framework for evaluating and improving your posture.

Jun 1, 20258 min read
supply-chain-security (Page 82) — Safeguard Blog