Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

757 articles

Industry Analysis

Datadog Security for Supply Chain Monitoring

Using Datadog's Cloud SIEM, ASM, and logs pipeline to monitor software supply chain threats across CI/CD, registries, and runtime.

Sep 8, 20247 min read
Open Source Security

.NET Source Generator Security Risks

Source generators are C# code that executes during compilation with developer privileges. The .NET equivalent of Rust's proc macros — and the same underexamined attack surface.

Sep 5, 20246 min read
Software Supply Chain Security

Cross-Platform App Supply Chain Risks You Cannot Ignore

Cross-platform frameworks multiply supply chain attack surfaces by combining multiple dependency ecosystems. Understanding these compounded risks is essential for modern mobile and desktop security.

Sep 5, 20247 min read
Regulatory Compliance

CCPA Meets Software Supply Chain

CCPA and CPRA are mostly about data rights, but the reasonable-security provisions and service-provider obligations reach deep into software supply chain practice. Here's how the two connect.

Aug 28, 20247 min read
DevSecOps

Please Build System Security Review

A hands-on security review of Please, the open-source Bazel-inspired build system, including sandbox behavior, BUILD rules, and supply chain trade-offs.

Aug 28, 20246 min read
Regulatory Compliance

UK NCSC Software Supply Chain Guidance Update

The UK NCSC expanded its supply chain guidance in 2023-2024, aligning with the Cyber Security and Resilience Bill and pushing SBOMs, vendor assurance, and provenance controls.

Aug 26, 20245 min read
Open Source Security

RubyGems Typosquatting Incidents: 2024

A running ledger of typosquat incidents on RubyGems.org through 2024, the patterns across them, and what the year's data says about where the registry's defenses still fall short.

Aug 25, 20248 min read
Regulatory Compliance

Telemedicine Supply Chain Privacy and Security

Telehealth platforms depend on video SDKs, third-party transcription, and mobile frameworks. A regulatory walkthrough for HIPAA-covered virtual care.

Aug 20, 20247 min read
Best Practices

Incident Response Playbook: Supply Chain Compromise

A step-by-step playbook for responding to upstream dependency, build system, and vendor compromises, including roles, timelines, and stakeholder communications.

Aug 19, 20246 min read
Open Source Security

Gradle Version Catalogs Security

Gradle version catalogs centralise dependency versions in one file. The security payoff is concrete: auditability, uniform enforcement, and a single PR gate.

Aug 18, 20245 min read
DevSecOps

Security Data Lake Architecture for Supply Chain Intelligence

A security data lake aggregates SBOMs, vulnerability data, build provenance, and runtime signals into a queryable store. This architecture enables the cross-cutting analysis that siloed tools cannot provide.

Aug 15, 20247 min read
Open Source Security

Go Toolchain Distribution Security

The Go toolchain directive can automatically download and run a different compiler version than the one your developers installed, which is convenient, reproducible, and worth understanding as a supply chain surface.

Aug 14, 20246 min read
supply-chain (Page 37) — Safeguard Blog