supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
757 articles
AWS CodeBuild/CodePipeline Hardening in 2026
CodeBuild and CodePipeline still carry the biggest AWS supply chain blast radius per dollar. Here is how to harden them in 2026 without rewriting to a different CI.
Cosign for Container Signing: A Production Setup
A working production setup for Cosign image signing across CI, registries, and Kubernetes admission, including the parts that break at scale and how to recover.
OSS Malware Trends Q1 2026 (Safeguard Research)
The Safeguard Research team analyzed first-quarter 2026 malicious package telemetry across npm, PyPI, RubyGems, and crates.io. Here is what the data shows.
OpenShift Pipelines with Sigstore: A Production Integration Guide
OpenShift Pipelines (Tekton) plus Sigstore gives you keyless signing inside a regulated cluster. The integration patterns are subtle. We map the ones that survive audit.
AI Agent Security Risks: Why Autonomous Systems Are the Next Supply Chain Frontier
AI agents are consuming APIs, installing packages, and executing code autonomously. The security implications are massive and largely unaddressed.
The npm 'everything' Package Attack (2024) Analyzed
In January 2024 a developer published npm packages that depended on every public npm package, triggering a denial-of-service style incident across the registry.
Distroless vs. Chainguard vs. Wolfi: Real Differences
A working engineer's comparison of Google Distroless, Chainguard Images, and Wolfi as base images, covering what actually breaks in production and what does not.
AI Safety Eval Datasets as Supply Chain
The datasets you use to evaluate model safety are themselves a supply chain, and almost nobody is treating them that way. A senior engineer's audit of how eval corpora get poisoned, contaminated, and silently drifted.
GCP Artifact Registry Vulnerability Scanning: Integrating the Findings
Artifact Analysis on Artifact Registry produces a steady stream of findings. The discipline is in what you do with them. We map the workflows that actually reduce risk.
Pre-Commit Hooks Security Recipes for 2026
Practical pre-commit framework recipes that catch secrets, malicious packages, and risky changes before they reach your remote, without slowing developers down.
K8s Admission Controllers for Supply Chain Policy
How to design Kubernetes admission controllers that enforce supply chain policy without turning every deploy into a 30-minute argument with the cluster.
Securing Claude Code MCP Server Deployments
Claude Code MCP servers run with the privileges of the developer who invoked them. That makes deployment posture the entire security model.