Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

757 articles

Best Practices

SvelteKit Supply Chain Considerations

SvelteKit's compiled-output philosophy gives it a smaller runtime footprint than React frameworks, but the build-time supply chain is just as complex. Here is what to watch for when you adopt Svelte in production.

Aug 14, 20246 min read
Regulatory Compliance

Aviation RTCA DO-326A and the Software Supply Chain

How DO-326A and DO-356A reframe airworthiness security around the supply chain, and what engineering teams must deliver to survive certification.

Aug 8, 20247 min read
Container Security

Azure Container Registry Trust Model

What Azure Container Registry actually guarantees about the images you pull — signing, attestation, content trust, and where the trust chain breaks in practice.

Jul 28, 20247 min read
Best Practices

Monolith to Microservices: Supply Chain Changes

What really happens to your software supply chain when you decompose a monolith into services, and how to avoid trading one risk for forty new ones.

Jul 28, 20247 min read
Incident Analysis

CrowdStrike Falcon Global Outage: A Post-Mortem Deep Dive

A technical reconstruction of the July 19 CrowdStrike Falcon sensor crash that grounded 8.5M Windows hosts, and what supply chain owners should change.

Jul 25, 20245 min read
Open Source Security

GraalVM Native Image Supply Chain

GraalVM native images change the supply chain story in ways that most SBOM tooling has not caught up with yet. Here is what gets baked in, what gets stripped out, and what still needs to be tracked.

Jul 20, 20247 min read
Regulatory Compliance

Open Banking API Supply Chain Security

Open banking depends on a tangle of SDKs, certificate authorities, and directory services. What PSD2, the UK's Open Banking Standard, and the emerging US framework mean for supply chain security.

Jul 18, 20247 min read
Vulnerability Management

Fuzzing Open Source for Supply Chain Findings

How modern coverage-guided fuzzing finds real vulnerabilities in open-source dependencies, and how to fold it into a supply-chain security program.

Jul 15, 20247 min read
Open Source Security

rust crates.io Security Model Reviewed

A look at how crates.io handles authentication, yanking, namespace squatting, and the supply chain risks that remain in mid-2024.

Jul 14, 20246 min read
Best Practices

GCP Workload Identity Federation: Supply Chain Uses

How to use GCP Workload Identity Federation to eliminate long-lived service account keys from your supply chain: GitHub Actions, GitLab CI, external builders, and the misconfigurations that silently undermine the design.

Jul 12, 20247 min read
DevSecOps

Nix Reproducible Builds: A Supply Chain Case

Practical supply chain lessons from running Nix and Nix flakes in production, including flake.lock handling, content-addressed derivations, and cachix trust.

Jul 12, 20246 min read
Best Practices

FastAPI Supply Chain Security: A Working Guide

FastAPI's dependency surface is deceptively large. Here is how to lock it down in practice, covering Starlette, Pydantic, Uvicorn, and the plugins you likely missed.

Jul 5, 20246 min read
supply-chain (Page 38) — Safeguard Blog