Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

757 articles

Supply Chain Attacks

SolarWinds Sunburst: Five Years of Lessons in 2026

Half a decade after Sunburst, the build system compromise still defines how we think about software supply chain risk. A look at what stuck and what did not.

Jan 9, 20265 min read
Industry Analysis

Homomorphic Encryption in Software Supply Chains

A grounded look at BFV, CKKS, and TFHE schemes for supply chain workloads, measured costs, library choices, and where HE is not yet practical.

Dec 22, 20255 min read
Frameworks

OWASP Top 10:2025 RC1: Software Supply Chain Failures Becomes Its Own Category

The OWASP Top 10:2025 release candidate, published November 2025, splits Vulnerable Components into a broader Software Supply Chain Failures category and elevates Security Misconfiguration to #2.

Nov 20, 20257 min read
Build Security

Software Provenance: An End-to-End Guide

Provenance answers where software came from and how it was built. Here is how to implement end-to-end provenance tracking from source to deployment.

Nov 5, 20256 min read
Policy

ENISA Threat Landscape 2025: Supply Chain Section Decoded

ENISA's October 2025 report analysed 4,875 incidents from July 2024 to June 2025 and found phishing led at 60% of intrusions, with supply chain and slopsquatting as fast-growing vectors.

Nov 4, 20257 min read
Best Practices

The Complete Guide to Dependency Lifecycle Management

Dependencies are not static. They are born, maintained, deprecated, and abandoned. Here is how to manage the full lifecycle of your software dependencies.

Oct 30, 20257 min read
Agent Security

The MCP Registry and the Namespace-Impersonation Problem

The official MCP Registry launched in September 2025 with namespace-bound publishing. We unpack the trust model and what it does — and does not — defend against.

Oct 21, 20256 min read
Supply Chain

npm-check-updates: A Safe Dependency Upgrade Workflow

npm check updates (ncu) shows you every dependency with a newer version than your ranges allow. The tool is simple; the workflow around it is what keeps upgrades from breaking prod.

Oct 7, 20257 min read
Container Security

Prisma Cloud vs Wiz: Supply Chain Features

Both Prisma Cloud and Wiz have expanded into supply chain territory from cloud security origins. A head-to-head on what each actually delivers on the supply chain dimension.

Oct 2, 20255 min read
Industry Analysis

Supply Chain Attack Trends: Q3 2025

A data-led look at software supply chain attacks in Q3 2025: npm maintainer phishing, VS Code extension abuse, and a quiet shift toward CI/CD targeting.

Sep 25, 20254 min read
Supply Chain

Shai-Hulud: The Self-Replicating npm Worm That Hit 500+ Packages

On September 15, 2025, a self-replicating npm worm dubbed Shai-Hulud backdoored more than 500 packages, including @ctrl/tinycolor and CrowdStrike libraries, by pivoting through stolen publish tokens.

Sep 22, 20256 min read
Supply Chain

@ctrl/tinycolor and the 40-Package npm Wave of September 2025

@ctrl/tinycolor versions 4.1.1 and 4.1.2 shipped a credential-stealing payload that propagated to 40+ packages with 2 million combined weekly downloads in under 24 hours.

Sep 18, 20255 min read
supply-chain (Page 29) — Safeguard Blog