Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Best Practices

How to Detect Malicious npm Packages: A Workflow

A practical detection workflow for malicious npm packages: install-time signals, registry heuristics, reachability checks, and CI gates that actually block attacks.

Mar 6, 20267 min read
Open Source Security

Swift And CocoaPods Supply Chain Program

A 2026 supply chain program for Swift apps — covering SPM, CocoaPods, XCFrameworks, and notarisation — anchored by Safeguard policy and SBOM evidence.

Mar 5, 20267 min read
Best Practices

Tracking Vendor-Supplied Binaries In Your Runtime

Vendor binaries run as root and ship without SBOMs. Continuous discovery brings them under the same governance as your own code.

Mar 5, 20267 min read
Best Practices

Vendor Risk During M&A Due Diligence

M&A due diligence usually ignores vendor risk until the day after close. By then, the buyer has inherited a vendor portfolio with no visibility and no leverage.

Mar 5, 20267 min read
Best Practices

Safeguard vs Aqua Security Platform Review

A fact-based comparison of Safeguard and Aqua Security in 2026 across container coverage, runtime protection, SCA depth, and supply chain capabilities.

Mar 5, 20267 min read
Industry Analysis

The Future of Software Signing Is Keyless

Long-lived signing keys are operational debt that every security team eventually pays down the hard way. Keyless signing is not an experiment anymore — it is the mainstream design.

Mar 5, 20268 min read
Open Source Security

Composer/PHP Package Supply Chain in 2026

PHP's Composer and Packagist ecosystem has quietly improved its supply chain story. Here is where things actually stand in 2026, and what PHP shops should do now.

Mar 5, 20268 min read
Compliance

Supply Chain Security for Financial Services 2026

Supply chain security for financial services in 2026 means DORA, NYDFS 500, FFIEC, and OCC expectations. A practical guide for banks, insurers, and fintechs.

Mar 5, 20268 min read
AI Security

What is AI Security

AI security protects models, training data, and agentic systems from prompt injection, poisoning, and unsafe autonomy — here's what it covers and how to build a program.

Mar 5, 20268 min read
AI Security

Model Substitution Risk In Enterprise Deployments

The model you think you're calling might not be the model that returns. Model substitution is a quiet supply chain risk that deserves explicit controls.

Mar 4, 20262 min read
Container Security

Kubernetes Operator Supply Chain Controls

Operators are powerful, privileged, and often under-governed. This post covers the supply chain controls that keep operator installations from becoming the largest attack surface in your cluster.

Mar 4, 20267 min read
Regulatory Compliance

NIS2 Supply Chain Evidence For EU Operators

NIS2 expects essential and important entities to manage supply chain risk with documented evidence. Learn how to build a program that survives competent authority review.

Mar 4, 20267 min read
supply-chain (Page 20) — Safeguard Blog