Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

AI Security

Zero-Day Discovery In Your Dependency Graph

Most zero-days that hurt enterprises in 2026 live three or four hops deep in the dependency graph. Here is what it takes to actually find them there.

Apr 9, 20267 min read
Regulatory Compliance

Defense Software Supply Chain Under the 2026 Federal Rules

CMMC 2.0, the FAR SBOM rule, and DoD Instruction 8500.01 have reshaped what software contractors must deliver. Here is the 2026 operational baseline for defense industrial base suppliers.

Apr 9, 20266 min read
Software Supply Chain Security

ESSCM Buyer Guide 2026

An enterprise buyer's guide to End-to-End Software Supply Chain Management platforms in 2026, with the questions that separate marketing from working products.

Apr 8, 20265 min read
Compliance

Secure by Design Pledge: Reading the 2026 Progress Reports

More than 250 manufacturers have signed CISA's Secure by Design pledge. We read the public progress reports to see who is actually moving on the seven goals.

Apr 8, 20266 min read
Best Practices

Continuous Vendor Monitoring vs Annual Review

Annual vendor reviews discover problems eleven months too late. Continuous monitoring closes the gap, but only if your TPRM tooling can ingest and normalize signals at vendor scale.

Apr 8, 20267 min read
Best Practices

Discovering Shadow AI Models In Production

Engineers ship models faster than security can track them. Here is how to find shadow AI in production without slowing the teams that build it.

Apr 8, 20267 min read
Open Source Security

Python Monorepo Supply Chain Controls 2026

How to design supply chain controls for a Python monorepo in 2026 — from PyPI quarantine to wheel provenance — with Safeguard as the policy backbone.

Apr 8, 20267 min read
DevSecOps

CircleCI Orb Trust and Pinning in 2026

How to manage CircleCI orb trust in 2026: certified versus uncertified orbs, version pinning, contexts, OIDC, and the controls that hold under real attacker pressure.

Apr 8, 20266 min read
Regulatory Compliance

NIS2 Directive Supply Chain Obligations in 2026

NIS2 has been in force across the EU since October 2024, and member state enforcement is now operating in earnest. The supply chain obligations are the ones most organizations underestimated.

Apr 8, 20265 min read
SBOM & Compliance

AI-BOM Explained: Tracking Models As Supply Chain

AI models are now first-class supply chain components. Here is how an AI-BOM captures lineage, datasets, runtimes, and evaluations in a way that survives audit.

Apr 7, 20267 min read
Container Security

Container Supply Chain Defence: Build To Run

An end-to-end view of container supply chain controls from source through registry to runtime, covering signing, attestation, admission policy, and runtime drift, with concrete checkpoints at each stage.

Apr 7, 20267 min read
Regulatory Compliance

SOC 2 Control Mapping With Supply Chain Evidence

Map SOC 2 Trust Services Criteria to concrete supply chain artifacts. Learn how SBOMs, findings, and policy logs satisfy CC controls without manual gymnastics.

Apr 7, 20267 min read
supply-chain (Page 10) — Safeguard Blog