Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Supply Chain Security

Chocolatey Package Security on Windows: What You Need to Know

Chocolatey is the de facto package manager for Windows automation. Its trust model and security features deserve more scrutiny than most teams give them.

Mar 12, 20245 min read
Application Security

.NET Trimming Security Implications: What Gets Cut and Why It Matters

IL trimming reduces .NET application size but can silently remove security-relevant code paths. Here is what you need to watch for.

Mar 12, 20245 min read
Best Practices

.NET 8 Supply Chain Improvements

.NET 8 quietly shipped several supply chain improvements worth knowing — NuGet audit, signed packages, SBOM tooling, and better source-link coverage.

Mar 10, 20245 min read
Regulatory Compliance

Fintech Software Supply Chain Regulatory Map

A practical tour through the tangle of regulations, supervisory letters, and industry standards that now govern how fintech firms build, buy, and operate software.

Mar 5, 20247 min read
Software Supply Chain Security

Abandoned Package Takeover: When Maintainers Walk Away

Abandoned packages are ticking time bombs in the supply chain. When maintainers disappear, attackers can take over package names and push malicious updates to millions of downstream projects.

Mar 5, 20245 min read
Application Security

Capacitor and Ionic Hybrid App Security: A Practical Guide

Capacitor-based hybrid apps blend web technologies with native device access. This combination creates a unique attack surface that requires specific security strategies.

Mar 5, 20247 min read
Software Supply Chain Security

Crates.io Security Audit Results: The State of Rust Package Security

Security audits of the Rust crate ecosystem reveal patterns of unsafe code, build script risks, and supply chain vulnerabilities. Here is what the data shows.

Mar 5, 20246 min read
Supply Chain Security

Securing Software Update Mechanisms

Software updates are a double-edged sword: they deliver patches but also provide a trusted channel attackers can exploit. Securing the update mechanism itself is essential to supply chain integrity.

Mar 5, 20246 min read
Industry Analysis

Lazarus Group Software Supply Chain Campaigns

A field analyst's look at how North Korea's Lazarus Group has turned software supply chains into a strategic weapon, from 3CX to npm.

Feb 28, 20246 min read
Cloud Security

Multi-Cloud Security Posture Management for Supply Chains

Running workloads across AWS, Azure, and GCP multiplies your attack surface. This guide covers cloud security posture management with a supply chain lens.

Feb 28, 20247 min read
DevSecOps

Earthly Reproducible Builds and Security

How Earthly's reproducible, containerized build system eliminates environment drift and strengthens build integrity for security-conscious teams.

Feb 28, 20246 min read
Open Source Security

NuGet Package Signing: Enterprise Rollout

Rolling NuGet package signing enforcement across a large .NET estate is a policy and tooling problem, not a cryptography problem. Here is how it actually goes.

Feb 25, 20246 min read
supply-chain (Page 45) — Safeguard Blog