supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Payment Processor Dependency Risks
The libraries and services that sit between a merchant and the card networks carry concentrated risk. A practical look at what goes wrong, and how to build a dependency program that catches it.
AWS CodePipeline Hardening Patterns
CodePipeline is the glue between your source, build, and deploy. It is also the thing that gets the widest IAM role in most AWS accounts. Here is how to harden it without rewriting your pipelines.
Elastic Security Supply Chain Signals
How to surface software supply chain threats in Elastic Security using EQL, detection rules, and the Elastic Common Schema for build pipeline and registry events.
Gradle Build Cache Security Hardening
The Gradle build cache is a performance feature with supply chain consequences. Here is how to configure it so cache poisoning, stale outputs, and cross-project contamination do not become your next incident.
How to Sign Container Images With Cosign: A Complete Guide
A practical walkthrough for signing container images with Cosign using keyless OIDC, verifying signatures, and enforcing policy in your Kubernetes cluster.
Tauri Desktop App Security Model: What Developers Need to Know
Tauri offers a fundamentally different security model than Electron for desktop applications. Understanding its permission system, IPC boundaries, and supply chain implications is critical.
Next.js Supply Chain Security Hardening
Next.js pulls hundreds of transitive dependencies into production bundles, and the middleware auth bypass of March 2025 showed how a single framework CVE cascades across every App Router deployment. Here is the hardening playbook for 2024 and beyond.
Insurance Industry Software Supply Chain
Insurers underwrite cyber risk while running on the same fragile dependency graphs as everyone else. A look at the industry's software supply chain blind spots.
Harness.io Supply Chain Security Reviewed
A security review of the Harness.io platform covering SSCA, CI/CD governance, STO integration, and the practical configuration required to get a production-grade supply chain posture.
GCP Cloud Build Hardening in Production
Lessons from hardening Cloud Build pipelines in production environments: private pools, least-privilege service accounts, provenance, and the controls that actually stop lateral movement.
Go Workspaces Supply Chain Risks
Go workspaces make multi-module development feel natural, but the go.work file introduces a new trust boundary that can quietly override pinned versions and bypass checksum verification.
Utilities Sector NERC CIP Software Supply Chain
NERC CIP-013 turned software supply chain into a regulated obligation for the bulk electric system. A practical look at what utilities are actually doing.