supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Telecom Supply Chain Risk Controls in 2026
Practical supply chain controls for telecom operators in 2026, covering RAN software, OSS/BSS stacks, and the regulatory pressure from FCC and ENISA frameworks.
Container Registry Security Hardening Checklist for 2026
A concrete hardening checklist for container registries in 2026, covering authentication, signing, scanning, retention, and the operational details that actually matter.
Composer/PHP Supply Chain Threats: 2025 Report
A senior engineer's 2025 report on Composer and Packagist supply chain threats: namespace abuse, abandoned maintainers, plugin hooks, and the attacks that actually landed on PHP shops.
Next-Gen SCA Explained: What Changed in 2026
Next-gen SCA tools moved past package-tree scanning to reachability, runtime context, and exploit signal. Here's what actually changed and why it matters.
Symbol Conflict and Binary Planting Attacks 2025
Symbol conflicts and binary planting are the oldest native-code attacks, and they are showing up in modern software supply chains in unexpected places.
Break-Glass Workflow Design: Audited Bypass That Works
Every policy needs a bypass path or it will be routed around. The trick is making the bypass auditable, time-bound, and rare enough to remain meaningful.
Dependency Confusion Five Years In: Evolution
Dependency confusion turned five in 2026. We look at how the attack has evolved, why it still works, and what defenders have actually learned.
Responsible Disclosure For Discovered Zero-Days
When your pipeline starts producing zero-days, you inherit responsible disclosure obligations. Here is how to do it well, with the artefacts the pipeline already gives you.
Finding Forgotten Public npm Packages In Your Org
Public npm packages your org published years ago are now an attacker's best targets. Find them before someone else does.
Go Modules Supply Chain Program Blueprint 2026
A 2026 blueprint for Go modules supply chain security — from proxy and checksum database to vendoring and binary provenance — anchored by Safeguard.
SLSA v1.1 Framework Update: What's New
SLSA v1.1 sharpens the build track, adds a source track draft, and clarifies attestation semantics. Here is the practical guide for security teams.
TPRM Vendor Tiering By Blast Radius Not Spend
Most TPRM programs tier vendors by spend. That misses the vendors who are cheap but catastrophic when they fail. Tiering by blast radius is the fix.