Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Supply Chain Attacks

Chrome Extension Cyberhaven Supply Chain Attack 2024

A technical retrospective on the 2024 Cyberhaven Chrome extension compromise: the phishing chain, the malicious OAuth flow, the exfiltration payload, and what actually changes browser-extension supply chain defense.

Mar 30, 20268 min read
SBOM & Compliance

CycloneDX vs SPDX: Which Format For Your Program

A senior-engineer comparison of CycloneDX and SPDX in 2026, covering field coverage, tooling, AI-BOM support, VEX, and the practical trade-offs for your programme.

Mar 29, 20266 min read
Regulatory Compliance

PCI DSS 4.0 Software Security Evidence Flow

PCI DSS 4.0 raises the bar for software security and supplier oversight. Learn how to satisfy Requirement 6 and 12.8 with continuous supply chain evidence.

Mar 29, 20267 min read
Container Security

Pod Supply Chain Attestation Validation

How to validate supply chain attestations at pod admission time without grinding deployments to a halt: which attestation types actually matter, how to chain verifications, and how to fail useful.

Mar 29, 20267 min read
Emerging Technology

Software Supply Chain Side-Channel Attacks 2025

Side-channel attacks are moving from hardware into software supply chains, where build-time timing, error messages, and telemetry leak meaningful secrets.

Mar 29, 20268 min read
DevSecOps

Jenkins Supply Chain Security Baseline 2026

A 2026 supply chain security baseline for Jenkins: plugin hygiene, agent isolation, Pipeline-as-Code discipline, credentials, and provenance integration.

Mar 28, 20266 min read
AI Security

Engine-Plus-LLM vs Pure-LLM Bug Hunters

The difference between an engine-plus-LLM bug hunter and a pure-LLM one is not a tuning detail. It is a structural divide that determines whether the findings are usable.

Mar 26, 20267 min read
Industry Analysis

Open Source Maintainer Targeting Trend

Open source maintainers are now a primary target for state and criminal actors. We trace the 2026 social engineering, infrastructure, and credential patterns.

Mar 26, 20267 min read
Best Practices

Runtime Drift Detection For Supply Chain Controls

An admitted workload is not a static one. Runtime drift detection turns the SBOM into a living contract and surfaces supply chain changes before they become incidents.

Mar 26, 20267 min read
Emerging Technology

Reflection-Based Dependency Confusion Techniques

Dependency confusion is moving beyond name-typosquat. Reflection-based techniques let attackers hijack packages through dynamic imports and runtime resolution.

Mar 26, 20268 min read
DevSecOps

Azure Artifacts Sigstore Integration Walkthrough 2026

A practical walkthrough for integrating Sigstore signing and verification with Azure Artifacts in 2026, including the gaps you should know about before starting.

Mar 26, 20265 min read
Best Practices

Flowing Down CMMC And CRA Clauses To Vendors

CMMC 2.0 and the EU Cyber Resilience Act both require obligations to flow down through your supply chain. Here is how to write the clauses and verify the compliance.

Mar 25, 20267 min read
supply-chain (Page 13) — Safeguard Blog