supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
SBOMs for Firmware and IoT Devices: The Hard Problem
Generating accurate SBOMs for firmware and IoT devices remains one of the toughest challenges in supply chain security. Here's the current state of the art.
Gartner SRM Summit 2025 Recap
Gartner's 2025 Security & Risk Management Summit pushed CISOs to focus on supply chain risk, AI governance, and measurable outcomes. Here is the analyst view.
MCP Server Registry Security Governance
MCP servers are becoming a new dependency class with their own supply chain risks. How to think about registry governance, verification, and enterprise ingestion policy.
FAQ: When Do You Need a Dedicated SBOM Tool?
When a scanner's built-in SBOM export stops being enough — signals you need a dedicated SBOM tool, what one actually does, and how to evaluate.
SCA with Reachability: A Buyer Guide for 2026
How to evaluate software composition analysis tools that claim reachability analysis, including the technical questions that separate real implementations from marketing.
VS Code Extensions and Supply Chain Risk in 2026
VS Code extensions run with full editor privileges and broad filesystem access. A look at the real attacks, the marketplace's blind spots, and how to harden the workstation.
PCI DSS 4.0 Supply Chain Requirements in 2026
The PCI DSS 4.0 future-dated requirements became mandatory on March 31, 2025. The supply chain expectations are the ones most QSAs are now testing in detail.
Buy, Build, or Hybrid: Supply Chain Security in 2026
The build-it-yourself era of supply chain security is ending. The full-stack vendor era has not arrived. The right architecture in 2026 is hybrid — and the decisions are different than they look.
Getting Started: Safeguard Kubernetes Admission
Deploy the Safeguard admission controller to block images with unresolved critical vulnerabilities before they run in your cluster.
Multi-Cloud Software Supply Chain Abstractions
Running supply chain controls across AWS, Azure, and GCP means picking the right abstractions. Here is which ones hold up and which ones you will regret.
Top 10 Riskiest Transitive Dependencies 2026
The Safeguard Research team built a risk index for transitive dependencies and ranked the ten categories that concentrate the most risk in modern stacks.
Multi-Modal AI Supply Chain Considerations
Multi-modal models bring image, audio, and video into the AI supply chain. Each modality introduces provenance and integrity challenges that text-only pipelines never had to face.