supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
VEX Statements: Eliminating SBOM Noise In 2026
An SBOM without VEX is a noise machine. Here is how disciplined VEX authoring cuts vulnerability backlogs by 70-90% while improving defensibility, not weakening it.
GitLab CI Supply Chain Hardening Checklist 2026
A 2026 hardening checklist for GitLab CI: ID tokens, protected branches, runner isolation, included templates, and the controls that actually shrink blast radius.
Dev Containers Security Baseline for 2026
A practical security baseline for devcontainer.json files in 2026, covering base image selection, features, lifecycle scripts, and the supply chain controls that actually matter.
GitHub Actions Cache Poisoning Attack Class 2025
GitHub Actions caches were never designed as a trust boundary. In 2025 researchers turned that mismatch into a repeatable supply-chain attack pattern.
Docker Hub Exposed Secrets at Scale 2024
Researchers keep finding valid AWS, GitHub, and cloud credentials baked into public Docker Hub images. What the 2024 data shows and how to stop shipping secrets.
Container Image Supply Chain Incidents 2026
Container image supply chain incidents have grown in frequency and impact. We analyze the 2026 patterns, the registry tradecraft, and what defenders should change.
Automating License Policy: Blocking AGPL At PR
License risk that surfaces at release time is already too late. PR-time license policy turns an open-ended legal review into an automated, predictable check.
Proof-Of-Concept Payloads From Discovered Paths
A taint path is not an exploit. Here is how a zero-day pipeline turns a reachable flow into a defensible proof-of-concept payload without inventing a vulnerability.
Fourth-Party Risk: The Supply Chain Of Vendors
Your vendors have vendors. Most TPRM programs stop at the third party and miss the fourth-party blast radius. Mapping the full chain is now a board-level expectation.
Ruby / Bundler Supply Chain Program 2026
A 2026 supply chain program for Ruby and Bundler — covering RubyGems, Gemfile.lock, native extensions, and Rails — anchored by Safeguard policy gates.
Runtime Asset Attribution: Pods To Services
Mapping a running pod back to a service, repo, owner, and SBOM is the boring infrastructure that makes every other security control useful.
Best SBOM Management Platforms 2026 Review
A 2026 review of the best SBOM management platforms, comparing Dependency-Track, Anchore, Kusari, and Safeguard on depth and compliance.