Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Best Practices

One Policy Set, Four Enforcement Points

Different gates with different rules create gaps and developer friction. A unified policy engine evaluates one definition at PR, build, admission, and runtime.

Mar 21, 20268 min read
AI Security

Zero-Day Triage Without Drowning Engineers

A zero-day discovery pipeline is only as useful as the triage process around it. Here is what triage looks like when the pipeline gives engineers something they can defend.

Mar 21, 20267 min read
Industry Analysis

Retail POS Supply Chain Security in 2026

Retail point-of-sale environments combine PCI scope, vendor-managed software, and thousands of physical endpoints. Here is the 2026 supply chain baseline that actually works at scale.

Mar 20, 20266 min read
Best Practices

Asset Discovery For M&A Due Diligence

M&A due diligence runs on questionnaires that nobody can verify. Continuous asset discovery turns the diligence period into a data exercise.

Mar 20, 20267 min read
Industry Analysis

AWS re:Inforce 2026 Supply Chain Sessions: Field Notes

Field notes from AWS re:Inforce 2026 supply chain track: signing at scale, SBOM adoption, and the Inspector and ECR updates that actually matter.

Mar 20, 20265 min read
Open Source Security

.NET / NuGet Enterprise Supply Chain Program

An enterprise-grade .NET and NuGet supply chain program for 2026 — covering feeds, lockfiles, MSBuild targets, and runtime — backed by Safeguard.

Mar 20, 20267 min read
Best Practices

Evaluating Vendor Attestations: SOC 2 / FedRAMP

A SOC 2 report does not mean the vendor is secure. Here is how to read attestations carefully, what FedRAMP actually proves, and how to ingest both at scale.

Mar 20, 20267 min read
Best Practices

How to Implement SLSA Level 3 Practically

SLSA Level 3 requires hardened builds, verifiable provenance, and isolated build environments. Here is the practical path, not the theoretical one.

Mar 20, 20267 min read
Emerging Technology

DNS Cache Poisoning for Software Updates: 2025

DNS cache poisoning is a known attack class with a new application: hijacking software update checks to ship malicious binaries that pass every signature check.

Mar 20, 20268 min read
SBOM

SPDX 3.0 Feature Overview for 2026

What changed in SPDX 3.0 and the 3.0.1 patch release: the profile model, AI and dataset profiles, serialization choices, and what to migrate first.

Mar 19, 20265 min read
Regulatory Compliance

ISO 27001:2022 Aligned Supply Chain Program

ISO 27001:2022 added explicit supply chain controls in Annex A. Learn how to build a program that satisfies A.5.19 through A.5.23 with continuous evidence.

Mar 19, 20267 min read
Container Security

Runtime Container Drift: Supply Chain Implications

Runtime drift is the last honest witness in container supply chain defence. This post covers what drift signals tell you, how to instrument for them, and how to investigate without overwhelming on-call.

Mar 19, 20267 min read
supply-chain (Page 15) — Safeguard Blog