Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

757 articles

Open Source Security

NuGet Signed Packages Verification

NuGet supports signed packages — author signatures, repository signatures, and verification modes. A practical guide to enforcing it properly.

Nov 22, 20245 min read
Industry Analysis

FIN7: Financial-Sector Supply Chain Tradecraft

FIN7 has spent a decade evolving from POS malware to supply chain operations. A look at the current tradecraft and the implications for financial-sector defenders.

Nov 20, 20246 min read
Regulatory Compliance

Automotive ISO/SAE 21434: Supply Chain Implications

ISO/SAE 21434 makes cybersecurity a type-approval requirement. Here is how the standard reshapes OEM and tier-N software supply chain obligations.

Nov 18, 20247 min read
Best Practices

Migrating VPN to Zero Trust: Supply Chain

A phased playbook for retiring corporate VPN concentrators in favor of zero trust network access, with specific guidance for protecting software supply chain pipelines.

Nov 18, 20247 min read
Open Source Security

Java Modules Supply Chain Security

The Java Platform Module System arrived in Java 9 and has aged into quiet maturity. What JPMS actually does for supply chain posture in enterprise Java.

Nov 15, 20245 min read
Industry News

OpenSSF Launches SIREN: A Mailing List for Open Source Threat Intelligence

The Open Source Security Foundation introduces SIREN, a dedicated mailing list for sharing real-time threat intelligence about attacks targeting open source ecosystems.

Nov 15, 20246 min read
Ransomware

Play Ransomware: Supply Chain Exploitation Through Managed Service Providers

Play ransomware refined the MSP attack model, exploiting FortiOS and RDP vulnerabilities to cascade through managed service providers into hundreds of downstream organizations.

Nov 15, 20247 min read
DevSecOps

Signing Python Wheels in Production

PyPI supports attestations now. Here is how to actually sign Python wheels in a CI pipeline, verify them at install time, and deal with the rough edges.

Nov 12, 20246 min read
DevSecOps

Concourse CI Supply Chain Hardening

A practical hardening guide for Concourse CI: resource type trust, worker isolation, team-level RBAC, and the var source security that underpins the platform's multi-tenancy model.

Nov 8, 20248 min read
DevSecOps

Earthly Containerized Builds Supply Chain

Earthly combines container isolation with Makefile-style ergonomics. Here's what that means for supply chain posture, with real Earthfile examples.

Nov 8, 20247 min read
Best Practices

AWS IAM Roles Anywhere and the Supply Chain

IAM Roles Anywhere lets workloads outside AWS assume IAM roles using X.509 certificates. It is also becoming the authentication layer for supply chain tools. Here is what the threat model looks like.

Nov 5, 20248 min read
Open Source Security

JRuby Supply Chain Considerations

JRuby sits at the intersection of the Ruby and Java supply chains, and the security story reflects both. A look at how JRuby's dual nature affects gem security and what defenders should know.

Nov 5, 20248 min read
supply-chain (Page 34) — Safeguard Blog