supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
757 articles
Ruby Native Extensions Supply Chain
Native C extensions are the most under-audited part of the Ruby supply chain: how they get built, what can go wrong, and how to monitor them as seriously as you monitor pure-Ruby code.
GraphQL Supply Chain Security Considerations
Supply chain risks specific to GraphQL stacks: Apollo, graphql-js, persisted queries, introspection, and transitive risk in gateway federation.
AWS CDK Construct Library Security
CDK constructs are code that provisions infrastructure. Most teams audit the infrastructure but not the constructs. Here is how to think about construct library security and what to check.
Witness Attestation Collection Workflow
Witness turns build steps into a chain of signed attestations. Here is how we use it in production pipelines, what it does well, and where the edges still cut.
RubyGems.org and Sigstore: Progress Check
An honest look at where RubyGems.org stands with Sigstore integration, what has shipped, what is still being debated, and how maintainers can prepare for signed gems.
Dagger.io Supply Chain Pipelines
Dagger programmatic pipelines offer genuine supply chain benefits when used well. Here are the patterns and pitfalls from running Dagger in production.
Database Platform Migration: Supply Chain
Database migrations touch every part of the software supply chain. This guide covers how to keep schemas, secrets, and data lineage secure during a platform change.
Vulnerability Intelligence Platforms Compared for Supply Chain Security
Vulnerability intelligence platforms aggregate, enrich, and prioritize vulnerability data. This comparison examines how leading platforms handle supply chain-specific intelligence needs.
Supply Chain IoC Catalog
A practical catalog of indicators of compromise for software supply chain attacks, with detection queries and false-positive notes.
Healthtech FDA Software Supply Chain Guidance
The FDA's cybersecurity guidance has quietly turned into one of the most consequential supply chain regulations in US software. A walkthrough for engineering teams shipping connected medical products.
Rust Feature Flags: Supply Chain Implications
Cargo feature flags look like a compilation convenience but they are a load-bearing piece of your supply chain posture. Here is why.
Jenkins + Maven Integration Security
Jenkins is still the most common Maven build driver in enterprise Java shops. It is also where most supply chain incidents start. Here is what to change before it becomes your problem.