Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

SBOM

SBOMs for Firmware and IoT Devices: The Hard Problem

Generating accurate SBOMs for firmware and IoT devices remains one of the toughest challenges in supply chain security. Here's the current state of the art.

Feb 25, 20266 min read
Industry Analysis

Gartner SRM Summit 2025 Recap

Gartner's 2025 Security & Risk Management Summit pushed CISOs to focus on supply chain risk, AI governance, and measurable outcomes. Here is the analyst view.

Feb 23, 20268 min read
AI Security

MCP Server Registry Security Governance

MCP servers are becoming a new dependency class with their own supply chain risks. How to think about registry governance, verification, and enterprise ingestion policy.

Feb 22, 20266 min read
Best Practices

FAQ: When Do You Need a Dedicated SBOM Tool?

When a scanner's built-in SBOM export stops being enough — signals you need a dedicated SBOM tool, what one actually does, and how to evaluate.

Feb 22, 20267 min read
Software Supply Chain Security

SCA with Reachability: A Buyer Guide for 2026

How to evaluate software composition analysis tools that claim reachability analysis, including the technical questions that separate real implementations from marketing.

Feb 20, 20265 min read
Application Security

VS Code Extensions and Supply Chain Risk in 2026

VS Code extensions run with full editor privileges and broad filesystem access. A look at the real attacks, the marketplace's blind spots, and how to harden the workstation.

Feb 20, 20266 min read
Regulatory Compliance

PCI DSS 4.0 Supply Chain Requirements in 2026

The PCI DSS 4.0 future-dated requirements became mandatory on March 31, 2025. The supply chain expectations are the ones most QSAs are now testing in detail.

Feb 19, 20265 min read
Industry Analysis

Buy, Build, or Hybrid: Supply Chain Security in 2026

The build-it-yourself era of supply chain security is ending. The full-stack vendor era has not arrived. The right architecture in 2026 is hybrid — and the decisions are different than they look.

Feb 19, 20268 min read
Tutorials

Getting Started: Safeguard Kubernetes Admission

Deploy the Safeguard admission controller to block images with unresolved critical vulnerabilities before they run in your cluster.

Feb 19, 20267 min read
Cloud Security

Multi-Cloud Software Supply Chain Abstractions

Running supply chain controls across AWS, Azure, and GCP means picking the right abstractions. Here is which ones hold up and which ones you will regret.

Feb 19, 20267 min read
Research

Top 10 Riskiest Transitive Dependencies 2026

The Safeguard Research team built a risk index for transitive dependencies and ranked the ten categories that concentrate the most risk in modern stacks.

Feb 19, 20268 min read
AI Security

Multi-Modal AI Supply Chain Considerations

Multi-modal models bring image, audio, and video into the AI supply chain. Each modality introduces provenance and integrity challenges that text-only pipelines never had to face.

Feb 18, 20268 min read
supply-chain (Page 23) — Safeguard Blog