supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1045 articles
How Malicious Payloads Get Smuggled Into Trusted AI Skill...
Attackers smuggle malicious payloads into trusted AI skill repositories via typosquats, staged fetches, and split-file obfuscation — here is exactly how it works.
MCP Server Permissions: A Practical Checklist for Reducin...
A practical checklist for scoping MCP server permissions, denying risky defaults, and limiting the blast radius when an AI agent's tool access is exploited.
Friction as a Security Metric: Measuring Tool Adoption Fa...
Security tools fail quietly when developers route around them. Here's how to measure friction as a leading indicator of adoption failure before it causes a breach.
Policy Bypass Culture: What Happens When Deadlines Beat G...
When deadlines collide with security gates, developers bypass them quietly and often. Here's how policy bypass culture forms, what it costs, and how to stop it.
The Quiet Consolidation of SCA, SAST, and Container Scann...
A wave of PE buyouts and platform acquisitions is quietly folding SCA, SAST, and container scanning into fewer, bigger AppSec platforms. Here's what's driving it.
What OpenAI and Anthropic Ecosystem Partnerships Signal A...
OpenAI and Anthropic's expanding ecosystem deals are an AI model vendor security partnership signal AppSec teams can no longer afford to ignore.
The XZ Utils Backdoor: A Timeline and Technical Post-Mortem
A technical post-mortem of CVE-2024-3094, the XZ Utils backdoor: how a trusted maintainer identity was used to plant a supply chain backdoor in sshd.
Introducing the Safeguard MCP Server: AI-Native Software Supply Chain Security
Safeguard launches its MCP Server, bringing software supply chain security directly into AI-powered development workflows through the Model Context Protocol.
Writing an Open Source Software Policy
An open source software policy is what turns ad-hoc dependency choices into a governed, auditable process — here's what to actually put in one.
Open Source Code Scanning: Tools and Workflow
Open source code scanning tools can cover most of a small team's needs for free, but the workflow around them — what runs where, and who reviews the output — matters more than which tool you pick.
Snyk SBOM Generation: How It Works
How Snyk builds a software bill of materials from a dependency scan, what formats it exports, and where teams still need to fill gaps manually.
Software Supply Chain Security Maturity: Where Does Your Organization Stand?
Most organizations know they should care about software supply chain security, but few have a structured way to assess their maturity. A practical framework for evaluating and improving your posture.