Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Cloud Security

Cloudflare Workers: Supply Chain Threat Model

Cloudflare Workers collapse the build, deploy, and runtime into one surface. That changes the supply chain threat model in ways most teams underestimate.

Mar 1, 20268 min read
Best Practices

Continuous Asset Discovery vs Quarterly Inventory

Quarterly inventories are wrong by the time they are signed. Continuous discovery is the only model that matches modern rates of change.

Feb 28, 20267 min read
Open Source Security

Polyglot Monorepo: Unified Supply Chain Program

A 2026 unified supply chain program for polyglot monorepos — bringing Node, Python, Go, Java, and more under one set of policies — anchored by Safeguard.

Feb 28, 20267 min read
Best Practices

TPRM Budget Justification For The Board

TPRM budgets get cut because the program cannot quantify what it prevents. Here is the framing that lands with boards: avoided losses, regulatory exposure, and continuity.

Feb 28, 20267 min read
Regulatory Compliance

CMMC Level 2 Supply Chain Control Evidence

CMMC Level 2 assessments demand structured evidence for the SR family and adjacent controls. Learn how to produce assessor-ready supply chain artifacts.

Feb 27, 20267 min read
Container Security

Helm Chart Supply Chain Defence Blueprint

Helm charts are the most common Kubernetes deployment artifact and the least scrutinised. This blueprint covers chart provenance, signing, value validation, and the runtime correspondence checks that close the loop.

Feb 27, 20267 min read
SBOM & Compliance

Signed SBOMs As Procurement Leverage

Unsigned SBOMs are paperwork. Signed SBOMs with in-toto attestations are leverage. Here is how mature procurement programmes use signing to harden vendor relationships.

Feb 27, 20267 min read
AI Security

Fine-Tuning Poisoning Detection for Supply Chains

Fine-tuning inherits every problem of the base model and adds dataset provenance as a new one. Here is how detection actually works in practice.

Feb 27, 20267 min read
Best Practices

Safeguard vs Snyk: Detailed 2026 Comparison

A senior engineer's breakdown of how Safeguard and Snyk differ in 2026 across SCA depth, reachability analysis, remediation, and container security.

Feb 27, 20267 min read
DevSecOps

Cosign Keyless Signing Workflows in 2026

How keyless signing has matured: OIDC identities, transparency log dependencies, attestation patterns, and the operational details teams still get wrong.

Feb 26, 20266 min read
Industry Analysis

Manufacturing OT Supply Chain Security in 2026

Manufacturing has converged IT and OT for a decade, and the supply chain risk has followed. Here is what IEC 62443-aligned vendor management looks like in 2026, with the threats that justify it.

Feb 26, 20265 min read
Incident Analysis

Microsoft Midnight Blizzard Source Code Theft 2024

Midnight Blizzard moved from email exfiltration to Microsoft source code repositories. The pivot from stolen OAuth tokens to code access is the supply chain lesson.

Feb 25, 20268 min read
supply-chain (Page 22) — Safeguard Blog