Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

757 articles

Open Source Security

Ruby Native Extensions Supply Chain

Native C extensions are the most under-audited part of the Ruby supply chain: how they get built, what can go wrong, and how to monitor them as seriously as you monitor pure-Ruby code.

Oct 8, 20248 min read
DevSecOps

GraphQL Supply Chain Security Considerations

Supply chain risks specific to GraphQL stacks: Apollo, graphql-js, persisted queries, introspection, and transitive risk in gateway federation.

Sep 30, 20245 min read
DevSecOps

AWS CDK Construct Library Security

CDK constructs are code that provisions infrastructure. Most teams audit the infrastructure but not the constructs. Here is how to think about construct library security and what to check.

Sep 25, 20247 min read
SBOM & Compliance

Witness Attestation Collection Workflow

Witness turns build steps into a chain of signed attestations. Here is how we use it in production pipelines, what it does well, and where the edges still cut.

Sep 22, 20247 min read
Open Source Security

RubyGems.org and Sigstore: Progress Check

An honest look at where RubyGems.org stands with Sigstore integration, what has shipped, what is still being debated, and how maintainers can prepare for signed gems.

Sep 20, 20247 min read
DevSecOps

Dagger.io Supply Chain Pipelines

Dagger programmatic pipelines offer genuine supply chain benefits when used well. Here are the patterns and pitfalls from running Dagger in production.

Sep 18, 20246 min read
Best Practices

Database Platform Migration: Supply Chain

Database migrations touch every part of the software supply chain. This guide covers how to keep schemas, secrets, and data lineage secure during a platform change.

Sep 18, 20247 min read
Vulnerability Management

Vulnerability Intelligence Platforms Compared for Supply Chain Security

Vulnerability intelligence platforms aggregate, enrich, and prioritize vulnerability data. This comparison examines how leading platforms handle supply chain-specific intelligence needs.

Sep 15, 20246 min read
Vulnerability Management

Supply Chain IoC Catalog

A practical catalog of indicators of compromise for software supply chain attacks, with detection queries and false-positive notes.

Sep 14, 20246 min read
Regulatory Compliance

Healthtech FDA Software Supply Chain Guidance

The FDA's cybersecurity guidance has quietly turned into one of the most consequential supply chain regulations in US software. A walkthrough for engineering teams shipping connected medical products.

Sep 12, 20247 min read
Open Source Security

Rust Feature Flags: Supply Chain Implications

Cargo feature flags look like a compilation convenience but they are a load-bearing piece of your supply chain posture. Here is why.

Sep 12, 20247 min read
DevSecOps

Jenkins + Maven Integration Security

Jenkins is still the most common Maven build driver in enterprise Java shops. It is also where most supply chain incidents start. Here is what to change before it becomes your problem.

Sep 8, 20247 min read
supply-chain (Page 36) — Safeguard Blog