Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Regulatory Compliance

EO 14028 Attestation Pipeline

Executive Order 14028 attestations are now standard for federal software vendors. Build a pipeline that produces SSDF-aligned evidence on every release.

Mar 9, 20267 min read
SBOM & Compliance

SBOM Cross-Vendor Normalisation: Enterprise Program

Vendor SBOMs arrive in every shape and size. Without disciplined normalisation, your ingest store is a junk drawer. Here is how mature programmes solve it.

Mar 9, 20267 min read
Container Security

Service Mesh Supply Chain Policy 2026

Service meshes are a control plane and a data plane and a supply chain risk surface all at once. This post covers the policy controls that matter in 2026 for sidecars, control planes, and mesh-issued certificates.

Mar 9, 20267 min read
Software Supply Chain Security

Software Supply Chain Legal Risk Assessment Template 2026

A working template for legal and security teams to assess software supply chain risk against contractual, regulatory, and licensing exposure in 2026.

Mar 9, 20266 min read
Best Practices

Safeguard vs Wiz: Supply Chain Focus 2026

How Safeguard and Wiz compare in 2026 for software supply chain security, SCA depth, container provenance, and autonomous remediation.

Mar 9, 20267 min read
AI Security

Dependency Confusion: Griffin AI vs Mythos

Dependency confusion is older than most of the AI tooling trying to detect it. The attacks have adapted to the defences — detection needs to keep up.

Mar 8, 20263 min read
Open Source Security

JSR JavaScript Registry Security Model

JSR reimagines JavaScript package distribution with mandatory signing, scoped namespaces, and provenance by default. Here is how the security model works.

Mar 8, 20265 min read
Incident Analysis

Snowflake Customer Breaches 2024: Root Cause

The Snowflake customer breaches of 2024 were not a Snowflake compromise. Infostealer logs, shared credentials, and absent MFA did the damage, from Ticketmaster to AT&T.

Mar 8, 20267 min read
Best Practices

MCP Server Capability Policy Enforcement

MCP servers expose tools that AI agents can call directly. Capability policy decides which tools each agent gets, with the same rigor as any other supply chain gate.

Mar 6, 20268 min read
Industry Analysis

Ransomware Via Software Supply Chain In 2026

Ransomware operators increasingly enter victims through software supply chain pathways. We analyze the 2026 patterns, the affiliate dynamics, and what defenders should do.

Mar 6, 20267 min read
AI Security

Coordinated Disclosure With Upstream Maintainers

Coordinated disclosure with open-source maintainers is a relationship business. Here is what makes it work in 2026, with the artefacts a modern pipeline gives you.

Mar 6, 20267 min read
Best Practices

How to Generate an SBOM with GitHub Actions (2026)

SBOMs are a compliance table-stakes artifact in 2026. Here is a production GitHub Actions workflow that generates, signs, and attests a CycloneDX SBOM on every release.

Mar 6, 20266 min read
supply-chain (Page 19) — Safeguard Blog