Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Best Practices

Payment Processor Dependency Risks

The libraries and services that sit between a merchant and the card networks carry concentrated risk. A practical look at what goes wrong, and how to build a dependency program that catches it.

Jun 18, 20247 min read
DevSecOps

AWS CodePipeline Hardening Patterns

CodePipeline is the glue between your source, build, and deploy. It is also the thing that gets the widest IAM role in most AWS accounts. Here is how to harden it without rewriting your pipelines.

Jun 15, 20247 min read
Industry Analysis

Elastic Security Supply Chain Signals

How to surface software supply chain threats in Elastic Security using EQL, detection rules, and the Elastic Common Schema for build pipeline and registry events.

Jun 15, 20247 min read
DevSecOps

Gradle Build Cache Security Hardening

The Gradle build cache is a performance feature with supply chain consequences. Here is how to configure it so cache poisoning, stale outputs, and cross-project contamination do not become your next incident.

Jun 10, 20247 min read
Container Security

How to Sign Container Images With Cosign: A Complete Guide

A practical walkthrough for signing container images with Cosign using keyless OIDC, verifying signatures, and enforcing policy in your Kubernetes cluster.

Jun 10, 20245 min read
Application Security

Tauri Desktop App Security Model: What Developers Need to Know

Tauri offers a fundamentally different security model than Electron for desktop applications. Understanding its permission system, IPC boundaries, and supply chain implications is critical.

Jun 5, 20247 min read
Best Practices

Next.js Supply Chain Security Hardening

Next.js pulls hundreds of transitive dependencies into production bundles, and the middleware auth bypass of March 2025 showed how a single framework CVE cascades across every App Router deployment. Here is the hardening playbook for 2024 and beyond.

Jun 4, 20246 min read
Industry Analysis

Insurance Industry Software Supply Chain

Insurers underwrite cyber risk while running on the same fragile dependency graphs as everyone else. A look at the industry's software supply chain blind spots.

May 30, 20246 min read
DevSecOps

Harness.io Supply Chain Security Reviewed

A security review of the Harness.io platform covering SSCA, CI/CD governance, STO integration, and the practical configuration required to get a production-grade supply chain posture.

May 28, 20247 min read
DevSecOps

GCP Cloud Build Hardening in Production

Lessons from hardening Cloud Build pipelines in production environments: private pools, least-privilege service accounts, provenance, and the controls that actually stop lateral movement.

May 25, 20247 min read
Open Source Security

Go Workspaces Supply Chain Risks

Go workspaces make multi-module development feel natural, but the go.work file introduces a new trust boundary that can quietly override pinned versions and bypass checksum verification.

May 22, 20246 min read
Regulatory Compliance

Utilities Sector NERC CIP Software Supply Chain

NERC CIP-013 turned software supply chain into a regulated obligation for the bulk electric system. A practical look at what utilities are actually doing.

May 20, 20247 min read
supply-chain (Page 39) — Safeguard Blog