Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Open Source Security

PowerShell Module Supply Chain Security

PowerShell modules are a supply chain people forget exists, and the trust model is weaker than NuGet's. Here is why that matters.

Apr 8, 20247 min read
AI Security

AI Model Poisoning: Detection Techniques for the Software Supply Chain

Poisoned AI models are a supply chain threat that traditional security tools can't detect. Here are the emerging techniques for identifying compromised models.

Apr 8, 20246 min read
Compliance

Latin America's Evolving Cybersecurity Regulations and Supply Chain Implications

From Brazil's LGPD to Mexico's cybersecurity reforms, Latin America is building a regulatory framework that will reshape how organizations manage software supply chain risk across the region.

Apr 8, 20246 min read
Open Source Security

cargo audit vs cargo deny

A practical head-to-head between cargo-audit 0.21 and cargo-deny 0.16 based on six months of running both in production CI pipelines.

Apr 5, 20246 min read
Incident Analysis

XZ Utils Backdoor: Technical Breakdown

The xz-utils backdoor (CVE-2024-3094) nearly compromised SSH on every modern Linux distro. Here is how the implant worked and what it teaches us.

Apr 5, 20246 min read
Threat Intelligence

Threat Intelligence Feeds for Supply Chain Security

Supply chain threat intelligence goes beyond CVE databases. Specialized feeds track malicious packages, compromised maintainers, and emerging attack techniques targeting the software supply chain.

Apr 5, 20245 min read
Supply Chain Security

After XZ Utils: Rethinking Trust in Open Source Software

The XZ Utils backdoor forced the industry to confront uncomfortable questions about maintainer trust, funding, and the structural fragility of critical open source infrastructure.

Apr 5, 20247 min read
DevSecOps

Jenkins Pipeline Supply Chain Security

How Jenkins pipelines end up as supply chain attack vectors, covering Groovy sandbox risks, plugin CVEs, credential binding, and practical hardening for Jenkins 2.440+.

Apr 2, 20247 min read
Open Source Security

Forking Security: What Happens When Open Source Projects Diverge

When an open source project forks, the security implications cascade through every downstream consumer. Understanding fork dynamics is essential for managing supply chain risk.

Apr 2, 20246 min read
DevSecOps

Ninja Build Supply Chain Considerations

Ninja is a low-level build tool, not a package manager. That framing matters for understanding its supply chain properties and common misconceptions.

Mar 28, 20247 min read
Industry Analysis

Splunk Supply Chain Detection Content Pack

A practical look at building a Splunk content pack for software supply chain threats, with SPL searches for CI/CD anomalies, package registry abuse, and build provenance violations.

Mar 28, 20247 min read
Container Security

GCP Cloud Run Supply Chain Security

A practical playbook for protecting the supply chain of services running on Cloud Run: image provenance, Binary Authorization, runtime identity, and the gaps the default configuration leaves wide open.

Mar 25, 20247 min read
supply-chain (Page 43) — Safeguard Blog