supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Zero-Day Discovery In Your Dependency Graph
Most zero-days that hurt enterprises in 2026 live three or four hops deep in the dependency graph. Here is what it takes to actually find them there.
Defense Software Supply Chain Under the 2026 Federal Rules
CMMC 2.0, the FAR SBOM rule, and DoD Instruction 8500.01 have reshaped what software contractors must deliver. Here is the 2026 operational baseline for defense industrial base suppliers.
ESSCM Buyer Guide 2026
An enterprise buyer's guide to End-to-End Software Supply Chain Management platforms in 2026, with the questions that separate marketing from working products.
Secure by Design Pledge: Reading the 2026 Progress Reports
More than 250 manufacturers have signed CISA's Secure by Design pledge. We read the public progress reports to see who is actually moving on the seven goals.
Continuous Vendor Monitoring vs Annual Review
Annual vendor reviews discover problems eleven months too late. Continuous monitoring closes the gap, but only if your TPRM tooling can ingest and normalize signals at vendor scale.
Discovering Shadow AI Models In Production
Engineers ship models faster than security can track them. Here is how to find shadow AI in production without slowing the teams that build it.
Python Monorepo Supply Chain Controls 2026
How to design supply chain controls for a Python monorepo in 2026 — from PyPI quarantine to wheel provenance — with Safeguard as the policy backbone.
CircleCI Orb Trust and Pinning in 2026
How to manage CircleCI orb trust in 2026: certified versus uncertified orbs, version pinning, contexts, OIDC, and the controls that hold under real attacker pressure.
NIS2 Directive Supply Chain Obligations in 2026
NIS2 has been in force across the EU since October 2024, and member state enforcement is now operating in earnest. The supply chain obligations are the ones most organizations underestimated.
AI-BOM Explained: Tracking Models As Supply Chain
AI models are now first-class supply chain components. Here is how an AI-BOM captures lineage, datasets, runtimes, and evaluations in a way that survives audit.
Container Supply Chain Defence: Build To Run
An end-to-end view of container supply chain controls from source through registry to runtime, covering signing, attestation, admission policy, and runtime drift, with concrete checkpoints at each stage.
SOC 2 Control Mapping With Supply Chain Evidence
Map SOC 2 Trust Services Criteria to concrete supply chain artifacts. Learn how SBOMs, findings, and policy logs satisfy CC controls without manual gymnastics.