Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Supply Chain Attacks

Go Toolchain Supply Chain Risks: 2025 Research

2025 research on Go toolchain supply chain risks: module proxy abuse, replace directive attacks, cgo linker vectors, and the hardening patterns Go shops should adopt.

Apr 6, 20268 min read
AI Security

From CVE To Zero-Day: The Pipeline Flip

Most security pipelines are organised around CVEs that already exist. Here is what changes when you flip the pipeline to surface zero-days first instead.

Apr 5, 20267 min read
Best Practices

Kubernetes Admission Policy For Supply Chain

Admission control is the last cheap chance to refuse a non-compliant workload. The right policies turn supply chain attestations into deploy-time decisions.

Apr 5, 20267 min read
Industry Analysis

PyPI Malicious Package Trends Q1 2026

Q1 2026 PyPI malicious package activity shows a clear shift toward AI and ML tooling targets. We break down the data, the tradecraft, and the implications.

Apr 5, 20268 min read
Cloud Security

Azure Key Vault Managed HSM for Artifact Signing: Pattern Library

Managed HSM gives you FIPS 140-3 Level 3 key custody in Azure. We map the patterns for using it as the root of trust for code signing, container signing, and SBOM attestation.

Apr 4, 20267 min read
Best Practices

Inventory Of MCP Servers: Enterprise Program

MCP servers proliferate faster than governance can track them. Build an inventory program that captures every server, tool, and consumer agent.

Apr 4, 20267 min read
Open Source Security

Java/Spring Supply Chain Defence Blueprint 2026

A 2026 blueprint for hardening Java and Spring supply chains across Maven, Gradle, fat JARs, and runtime — with Safeguard as the policy and evidence layer.

Apr 4, 20267 min read
Best Practices

Vendor Incident Coordination In The 72-Hour Window

Most vendor incidents go badly because the first 72 hours are spent figuring out who to call. A pre-built coordination playbook turns chaos into a rehearsed response.

Apr 4, 20267 min read
Incident Analysis

Okta 2023 Customer Support Breach: Implications for Identity Supply Chain

The Okta customer support breach of October 2023 exposed HAR files containing session tokens for major customers. The structural lessons run deeper than the incident.

Apr 3, 20265 min read
Regulatory Compliance

EU CRA Self-Assessment Evidence Pack

Build a Cyber Resilience Act self-assessment pack from supply chain evidence. Learn which artifacts CRA expects and how to produce them without rebuilding your stack.

Apr 3, 20267 min read
Container Security

Kubernetes Admission Policy Real-World Deployment

What it actually takes to put Kubernetes admission policy into enforcement mode without breaking deployments: phased rollout, exception workflows, audit-mode hygiene, and policy authoring conventions that survive contact with engineers.

Apr 3, 20267 min read
SBOM & Compliance

SBOM-Driven Vendor Onboarding: Procurement Blueprint

Procurement that asks for a PDF security questionnaire is buying paperwork. SBOM-driven onboarding turns vendor risk into queryable, comparable, and enforceable data.

Apr 3, 20266 min read
supply-chain (Page 11) — Safeguard Blog