supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Go Toolchain Supply Chain Risks: 2025 Research
2025 research on Go toolchain supply chain risks: module proxy abuse, replace directive attacks, cgo linker vectors, and the hardening patterns Go shops should adopt.
From CVE To Zero-Day: The Pipeline Flip
Most security pipelines are organised around CVEs that already exist. Here is what changes when you flip the pipeline to surface zero-days first instead.
Kubernetes Admission Policy For Supply Chain
Admission control is the last cheap chance to refuse a non-compliant workload. The right policies turn supply chain attestations into deploy-time decisions.
PyPI Malicious Package Trends Q1 2026
Q1 2026 PyPI malicious package activity shows a clear shift toward AI and ML tooling targets. We break down the data, the tradecraft, and the implications.
Azure Key Vault Managed HSM for Artifact Signing: Pattern Library
Managed HSM gives you FIPS 140-3 Level 3 key custody in Azure. We map the patterns for using it as the root of trust for code signing, container signing, and SBOM attestation.
Inventory Of MCP Servers: Enterprise Program
MCP servers proliferate faster than governance can track them. Build an inventory program that captures every server, tool, and consumer agent.
Java/Spring Supply Chain Defence Blueprint 2026
A 2026 blueprint for hardening Java and Spring supply chains across Maven, Gradle, fat JARs, and runtime — with Safeguard as the policy and evidence layer.
Vendor Incident Coordination In The 72-Hour Window
Most vendor incidents go badly because the first 72 hours are spent figuring out who to call. A pre-built coordination playbook turns chaos into a rehearsed response.
Okta 2023 Customer Support Breach: Implications for Identity Supply Chain
The Okta customer support breach of October 2023 exposed HAR files containing session tokens for major customers. The structural lessons run deeper than the incident.
EU CRA Self-Assessment Evidence Pack
Build a Cyber Resilience Act self-assessment pack from supply chain evidence. Learn which artifacts CRA expects and how to produce them without rebuilding your stack.
Kubernetes Admission Policy Real-World Deployment
What it actually takes to put Kubernetes admission policy into enforcement mode without breaking deployments: phased rollout, exception workflows, audit-mode hygiene, and policy authoring conventions that survive contact with engineers.
SBOM-Driven Vendor Onboarding: Procurement Blueprint
Procurement that asks for a PDF security questionnaire is buying paperwork. SBOM-driven onboarding turns vendor risk into queryable, comparable, and enforceable data.