supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Chocolatey Package Security on Windows: What You Need to Know
Chocolatey is the de facto package manager for Windows automation. Its trust model and security features deserve more scrutiny than most teams give them.
.NET Trimming Security Implications: What Gets Cut and Why It Matters
IL trimming reduces .NET application size but can silently remove security-relevant code paths. Here is what you need to watch for.
.NET 8 Supply Chain Improvements
.NET 8 quietly shipped several supply chain improvements worth knowing — NuGet audit, signed packages, SBOM tooling, and better source-link coverage.
Fintech Software Supply Chain Regulatory Map
A practical tour through the tangle of regulations, supervisory letters, and industry standards that now govern how fintech firms build, buy, and operate software.
Abandoned Package Takeover: When Maintainers Walk Away
Abandoned packages are ticking time bombs in the supply chain. When maintainers disappear, attackers can take over package names and push malicious updates to millions of downstream projects.
Capacitor and Ionic Hybrid App Security: A Practical Guide
Capacitor-based hybrid apps blend web technologies with native device access. This combination creates a unique attack surface that requires specific security strategies.
Crates.io Security Audit Results: The State of Rust Package Security
Security audits of the Rust crate ecosystem reveal patterns of unsafe code, build script risks, and supply chain vulnerabilities. Here is what the data shows.
Securing Software Update Mechanisms
Software updates are a double-edged sword: they deliver patches but also provide a trusted channel attackers can exploit. Securing the update mechanism itself is essential to supply chain integrity.
Lazarus Group Software Supply Chain Campaigns
A field analyst's look at how North Korea's Lazarus Group has turned software supply chains into a strategic weapon, from 3CX to npm.
Multi-Cloud Security Posture Management for Supply Chains
Running workloads across AWS, Azure, and GCP multiplies your attack surface. This guide covers cloud security posture management with a supply chain lens.
Earthly Reproducible Builds and Security
How Earthly's reproducible, containerized build system eliminates environment drift and strengthens build integrity for security-conscious teams.
NuGet Package Signing: Enterprise Rollout
Rolling NuGet package signing enforcement across a large .NET estate is a policy and tooling problem, not a cryptography problem. Here is how it actually goes.