supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
757 articles
SvelteKit Supply Chain Considerations
SvelteKit's compiled-output philosophy gives it a smaller runtime footprint than React frameworks, but the build-time supply chain is just as complex. Here is what to watch for when you adopt Svelte in production.
Aviation RTCA DO-326A and the Software Supply Chain
How DO-326A and DO-356A reframe airworthiness security around the supply chain, and what engineering teams must deliver to survive certification.
Azure Container Registry Trust Model
What Azure Container Registry actually guarantees about the images you pull — signing, attestation, content trust, and where the trust chain breaks in practice.
Monolith to Microservices: Supply Chain Changes
What really happens to your software supply chain when you decompose a monolith into services, and how to avoid trading one risk for forty new ones.
CrowdStrike Falcon Global Outage: A Post-Mortem Deep Dive
A technical reconstruction of the July 19 CrowdStrike Falcon sensor crash that grounded 8.5M Windows hosts, and what supply chain owners should change.
GraalVM Native Image Supply Chain
GraalVM native images change the supply chain story in ways that most SBOM tooling has not caught up with yet. Here is what gets baked in, what gets stripped out, and what still needs to be tracked.
Open Banking API Supply Chain Security
Open banking depends on a tangle of SDKs, certificate authorities, and directory services. What PSD2, the UK's Open Banking Standard, and the emerging US framework mean for supply chain security.
Fuzzing Open Source for Supply Chain Findings
How modern coverage-guided fuzzing finds real vulnerabilities in open-source dependencies, and how to fold it into a supply-chain security program.
rust crates.io Security Model Reviewed
A look at how crates.io handles authentication, yanking, namespace squatting, and the supply chain risks that remain in mid-2024.
GCP Workload Identity Federation: Supply Chain Uses
How to use GCP Workload Identity Federation to eliminate long-lived service account keys from your supply chain: GitHub Actions, GitLab CI, external builders, and the misconfigurations that silently undermine the design.
Nix Reproducible Builds: A Supply Chain Case
Practical supply chain lessons from running Nix and Nix flakes in production, including flake.lock handling, content-addressed derivations, and cachix trust.
FastAPI Supply Chain Security: A Working Guide
FastAPI's dependency surface is deceptively large. Here is how to lock it down in practice, covering Starlette, Pydantic, Uvicorn, and the plugins you likely missed.