supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
How to Detect Malicious npm Packages: A Workflow
A practical detection workflow for malicious npm packages: install-time signals, registry heuristics, reachability checks, and CI gates that actually block attacks.
Swift And CocoaPods Supply Chain Program
A 2026 supply chain program for Swift apps — covering SPM, CocoaPods, XCFrameworks, and notarisation — anchored by Safeguard policy and SBOM evidence.
Tracking Vendor-Supplied Binaries In Your Runtime
Vendor binaries run as root and ship without SBOMs. Continuous discovery brings them under the same governance as your own code.
Vendor Risk During M&A Due Diligence
M&A due diligence usually ignores vendor risk until the day after close. By then, the buyer has inherited a vendor portfolio with no visibility and no leverage.
Safeguard vs Aqua Security Platform Review
A fact-based comparison of Safeguard and Aqua Security in 2026 across container coverage, runtime protection, SCA depth, and supply chain capabilities.
The Future of Software Signing Is Keyless
Long-lived signing keys are operational debt that every security team eventually pays down the hard way. Keyless signing is not an experiment anymore — it is the mainstream design.
Composer/PHP Package Supply Chain in 2026
PHP's Composer and Packagist ecosystem has quietly improved its supply chain story. Here is where things actually stand in 2026, and what PHP shops should do now.
Supply Chain Security for Financial Services 2026
Supply chain security for financial services in 2026 means DORA, NYDFS 500, FFIEC, and OCC expectations. A practical guide for banks, insurers, and fintechs.
What is AI Security
AI security protects models, training data, and agentic systems from prompt injection, poisoning, and unsafe autonomy — here's what it covers and how to build a program.
Model Substitution Risk In Enterprise Deployments
The model you think you're calling might not be the model that returns. Model substitution is a quiet supply chain risk that deserves explicit controls.
Kubernetes Operator Supply Chain Controls
Operators are powerful, privileged, and often under-governed. This post covers the supply chain controls that keep operator installations from becoming the largest attack surface in your cluster.
NIS2 Supply Chain Evidence For EU Operators
NIS2 expects essential and important entities to manage supply chain risk with documented evidence. Learn how to build a program that survives competent authority review.