supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Cloudflare Workers: Supply Chain Threat Model
Cloudflare Workers collapse the build, deploy, and runtime into one surface. That changes the supply chain threat model in ways most teams underestimate.
Continuous Asset Discovery vs Quarterly Inventory
Quarterly inventories are wrong by the time they are signed. Continuous discovery is the only model that matches modern rates of change.
Polyglot Monorepo: Unified Supply Chain Program
A 2026 unified supply chain program for polyglot monorepos — bringing Node, Python, Go, Java, and more under one set of policies — anchored by Safeguard.
TPRM Budget Justification For The Board
TPRM budgets get cut because the program cannot quantify what it prevents. Here is the framing that lands with boards: avoided losses, regulatory exposure, and continuity.
CMMC Level 2 Supply Chain Control Evidence
CMMC Level 2 assessments demand structured evidence for the SR family and adjacent controls. Learn how to produce assessor-ready supply chain artifacts.
Helm Chart Supply Chain Defence Blueprint
Helm charts are the most common Kubernetes deployment artifact and the least scrutinised. This blueprint covers chart provenance, signing, value validation, and the runtime correspondence checks that close the loop.
Signed SBOMs As Procurement Leverage
Unsigned SBOMs are paperwork. Signed SBOMs with in-toto attestations are leverage. Here is how mature procurement programmes use signing to harden vendor relationships.
Fine-Tuning Poisoning Detection for Supply Chains
Fine-tuning inherits every problem of the base model and adds dataset provenance as a new one. Here is how detection actually works in practice.
Safeguard vs Snyk: Detailed 2026 Comparison
A senior engineer's breakdown of how Safeguard and Snyk differ in 2026 across SCA depth, reachability analysis, remediation, and container security.
Cosign Keyless Signing Workflows in 2026
How keyless signing has matured: OIDC identities, transparency log dependencies, attestation patterns, and the operational details teams still get wrong.
Manufacturing OT Supply Chain Security in 2026
Manufacturing has converged IT and OT for a decade, and the supply chain risk has followed. Here is what IEC 62443-aligned vendor management looks like in 2026, with the threats that justify it.
Microsoft Midnight Blizzard Source Code Theft 2024
Midnight Blizzard moved from email exfiltration to Microsoft source code repositories. The pivot from stolen OAuth tokens to code access is the supply chain lesson.