supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
PowerShell Module Supply Chain Security
PowerShell modules are a supply chain people forget exists, and the trust model is weaker than NuGet's. Here is why that matters.
AI Model Poisoning: Detection Techniques for the Software Supply Chain
Poisoned AI models are a supply chain threat that traditional security tools can't detect. Here are the emerging techniques for identifying compromised models.
Latin America's Evolving Cybersecurity Regulations and Supply Chain Implications
From Brazil's LGPD to Mexico's cybersecurity reforms, Latin America is building a regulatory framework that will reshape how organizations manage software supply chain risk across the region.
cargo audit vs cargo deny
A practical head-to-head between cargo-audit 0.21 and cargo-deny 0.16 based on six months of running both in production CI pipelines.
XZ Utils Backdoor: Technical Breakdown
The xz-utils backdoor (CVE-2024-3094) nearly compromised SSH on every modern Linux distro. Here is how the implant worked and what it teaches us.
Threat Intelligence Feeds for Supply Chain Security
Supply chain threat intelligence goes beyond CVE databases. Specialized feeds track malicious packages, compromised maintainers, and emerging attack techniques targeting the software supply chain.
After XZ Utils: Rethinking Trust in Open Source Software
The XZ Utils backdoor forced the industry to confront uncomfortable questions about maintainer trust, funding, and the structural fragility of critical open source infrastructure.
Jenkins Pipeline Supply Chain Security
How Jenkins pipelines end up as supply chain attack vectors, covering Groovy sandbox risks, plugin CVEs, credential binding, and practical hardening for Jenkins 2.440+.
Forking Security: What Happens When Open Source Projects Diverge
When an open source project forks, the security implications cascade through every downstream consumer. Understanding fork dynamics is essential for managing supply chain risk.
Ninja Build Supply Chain Considerations
Ninja is a low-level build tool, not a package manager. That framing matters for understanding its supply chain properties and common misconceptions.
Splunk Supply Chain Detection Content Pack
A practical look at building a Splunk content pack for software supply chain threats, with SPL searches for CI/CD anomalies, package registry abuse, and build provenance violations.
GCP Cloud Run Supply Chain Security
A practical playbook for protecting the supply chain of services running on Cloud Run: image provenance, Binary Authorization, runtime identity, and the gaps the default configuration leaves wide open.