supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Insurance Industry Software Risk Assessment and Supply Chain Security
Insurers manage massive amounts of sensitive data through complex software systems. Here's how the insurance industry should approach software supply chain risk.
GCP Cloud Functions Supply Chain Risks
The supply-chain risks unique to GCP Cloud Functions: dependency resolution at deploy time, buildpack trust, runtime identity, and the audit trail the service does and does not give you.
Supply Chain Incident Forensics Playbook
A practical, hour-by-hour forensics playbook for responding to software supply chain incidents, from first alert through root cause and disclosure.
Managing Third-Party Software Risk With Safeguard TPRM
Your vendors' software is your risk. Safeguard TPRM gives you continuous visibility into the supply chain security posture of every third-party product you depend on.
Privacy Engineering in Software Supply Chains
Privacy by design cannot stop at your own code. Every dependency, every third-party service, every SDK in your supply chain is a privacy decision. Here is how to engineer privacy across the full stack.
Australia's Essential Eight and Software Supply Chain
The ACSC's November 2023 Essential Eight update tightened patching, application control, and software inventory expectations that every Australian-regulated entity now has to evidence.
Go Dependency Visualization for Security
The Go module graph is comparatively small, which makes it one of the few ecosystems where visualizing dependencies is actually useful for security review rather than just pretty.
Open-Source Contribution Security Guide
How to contribute to open-source projects without introducing security vulnerabilities, and how to evaluate the security posture of projects you contribute to.
Compliance Dashboard Design Patterns for Supply Chain Security
Compliance dashboards translate complex supply chain data into actionable views for auditors, executives, and engineering teams. These design patterns make the difference between a dashboard that drives action and one that collects dust.
Bazel Hermetic Builds: Supply Chain Benefits
How Bazel's hermeticity model reduces supply chain risk, with concrete WORKSPACE and MODULE.bazel examples from real migrations.
HIPAA Meets HITRUST: Supply Chain Depth
HIPAA's Security Rule is thin on supply chain specifics. HITRUST CSF fills the gap with prescriptive third-party and software controls. Here's how the two frameworks intersect and how to build a program that satisfies both.
Kubernetes Network Policies: The Supply Chain Angle
Network policies are usually framed as a zero-trust tool. They are also one of the best defenses against a compromised dependency.