Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Industry Guides

Insurance Industry Software Risk Assessment and Supply Chain Security

Insurers manage massive amounts of sensitive data through complex software systems. Here's how the insurance industry should approach software supply chain risk.

Apr 18, 20247 min read
Best Practices

GCP Cloud Functions Supply Chain Risks

The supply-chain risks unique to GCP Cloud Functions: dependency resolution at deploy time, buildpack trust, runtime identity, and the audit trail the service does and does not give you.

Apr 15, 20247 min read
Best Practices

Supply Chain Incident Forensics Playbook

A practical, hour-by-hour forensics playbook for responding to software supply chain incidents, from first alert through root cause and disclosure.

Apr 15, 20246 min read
Product

Managing Third-Party Software Risk With Safeguard TPRM

Your vendors' software is your risk. Safeguard TPRM gives you continuous visibility into the supply chain security posture of every third-party product you depend on.

Apr 15, 20247 min read
Privacy

Privacy Engineering in Software Supply Chains

Privacy by design cannot stop at your own code. Every dependency, every third-party service, every SDK in your supply chain is a privacy decision. Here is how to engineer privacy across the full stack.

Apr 15, 20245 min read
Regulatory Compliance

Australia's Essential Eight and Software Supply Chain

The ACSC's November 2023 Essential Eight update tightened patching, application control, and software inventory expectations that every Australian-regulated entity now has to evidence.

Apr 14, 20245 min read
Open Source Security

Go Dependency Visualization for Security

The Go module graph is comparatively small, which makes it one of the few ecosystems where visualizing dependencies is actually useful for security review rather than just pretty.

Apr 12, 20247 min read
Organizational Security

Open-Source Contribution Security Guide

How to contribute to open-source projects without introducing security vulnerabilities, and how to evaluate the security posture of projects you contribute to.

Apr 12, 20247 min read
SBOM and Compliance

Compliance Dashboard Design Patterns for Supply Chain Security

Compliance dashboards translate complex supply chain data into actionable views for auditors, executives, and engineering teams. These design patterns make the difference between a dashboard that drives action and one that collects dust.

Apr 10, 20246 min read
DevSecOps

Bazel Hermetic Builds: Supply Chain Benefits

How Bazel's hermeticity model reduces supply chain risk, with concrete WORKSPACE and MODULE.bazel examples from real migrations.

Apr 8, 20246 min read
Regulatory Compliance

HIPAA Meets HITRUST: Supply Chain Depth

HIPAA's Security Rule is thin on supply chain specifics. HITRUST CSF fills the gap with prescriptive third-party and software controls. Here's how the two frameworks intersect and how to build a program that satisfies both.

Apr 8, 20246 min read
Container Security

Kubernetes Network Policies: The Supply Chain Angle

Network policies are usually framed as a zero-trust tool. They are also one of the best defenses against a compromised dependency.

Apr 8, 20247 min read
supply-chain (Page 42) — Safeguard Blog