supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
757 articles
Datadog Security for Supply Chain Monitoring
Using Datadog's Cloud SIEM, ASM, and logs pipeline to monitor software supply chain threats across CI/CD, registries, and runtime.
.NET Source Generator Security Risks
Source generators are C# code that executes during compilation with developer privileges. The .NET equivalent of Rust's proc macros — and the same underexamined attack surface.
Cross-Platform App Supply Chain Risks You Cannot Ignore
Cross-platform frameworks multiply supply chain attack surfaces by combining multiple dependency ecosystems. Understanding these compounded risks is essential for modern mobile and desktop security.
CCPA Meets Software Supply Chain
CCPA and CPRA are mostly about data rights, but the reasonable-security provisions and service-provider obligations reach deep into software supply chain practice. Here's how the two connect.
Please Build System Security Review
A hands-on security review of Please, the open-source Bazel-inspired build system, including sandbox behavior, BUILD rules, and supply chain trade-offs.
UK NCSC Software Supply Chain Guidance Update
The UK NCSC expanded its supply chain guidance in 2023-2024, aligning with the Cyber Security and Resilience Bill and pushing SBOMs, vendor assurance, and provenance controls.
RubyGems Typosquatting Incidents: 2024
A running ledger of typosquat incidents on RubyGems.org through 2024, the patterns across them, and what the year's data says about where the registry's defenses still fall short.
Telemedicine Supply Chain Privacy and Security
Telehealth platforms depend on video SDKs, third-party transcription, and mobile frameworks. A regulatory walkthrough for HIPAA-covered virtual care.
Incident Response Playbook: Supply Chain Compromise
A step-by-step playbook for responding to upstream dependency, build system, and vendor compromises, including roles, timelines, and stakeholder communications.
Gradle Version Catalogs Security
Gradle version catalogs centralise dependency versions in one file. The security payoff is concrete: auditability, uniform enforcement, and a single PR gate.
Security Data Lake Architecture for Supply Chain Intelligence
A security data lake aggregates SBOMs, vulnerability data, build provenance, and runtime signals into a queryable store. This architecture enables the cross-cutting analysis that siloed tools cannot provide.
Go Toolchain Distribution Security
The Go toolchain directive can automatically download and run a different compiler version than the one your developers installed, which is convenient, reproducible, and worth understanding as a supply chain surface.