Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Open Source Security

Poetry and Python Supply Chain Security

Poetry's lockfile is an asset. Its dependency resolver is a tradeoff. Here is how to run Poetry safely in a world of typosquats, dependency confusion, and unmaintained installers.

Feb 22, 20246 min read
Vulnerability Management

PDF Supply Chain Attack Vectors: When Documents Become Weapons

PDFs are trusted by default in most organizations. That trust makes them a potent vector for supply chain attacks. Here is how the attacks work.

Feb 22, 20245 min read
Software Supply Chain Security

Dependency Confusion in Private Registries: The Attack That Keeps Working

Dependency confusion exploits the gap between public and private package registries. Despite widespread awareness, organizations keep falling for it.

Feb 20, 20245 min read
SBOM

SBOMs for Microservices Architecture: Managing Complexity at Scale

When your application is 50 services with 50 dependency trees, SBOM management stops being simple. Here's how to handle it.

Feb 20, 20246 min read
Compliance

Supply Chain Incident Notification Laws: A Global Overview

Governments worldwide are mandating supply chain incident disclosure. Here is what organizations need to know about notification requirements across major jurisdictions.

Feb 18, 20246 min read
Industry Guides

Media and Entertainment Software Supply Chain Security

Streaming platforms, studios, and media companies depend on complex software stacks. Here's how the entertainment industry should approach supply chain security.

Feb 15, 20246 min read
Best Practices

Azure Managed Identities and the Supply Chain

Managed identities are the credential primitive that fixes most supply chain risk in Azure — but only if you use them the way the service actually intends.

Feb 14, 20248 min read
Open Source Security

go mod tidy: The Security Implications

Running go mod tidy feels like harmless housekeeping, but the command can silently pull new code, update checksums, and reshape your dependency graph in ways that have real security consequences.

Feb 10, 20247 min read
Industry Trends

Green Software and Security: When Sustainability Meets Supply Chain Risk

The push for sustainable software is changing how we build and deploy applications. Security teams need to understand where green initiatives create new risks.

Feb 8, 20245 min read
Infrastructure Security

Software Updates in Air-Gapped Environments: Security Without Connectivity

Air-gapped environments protect critical infrastructure by eliminating network connectivity. But software still needs updates. Bridging this gap without introducing the risks you isolated against is the challenge.

Feb 8, 20245 min read
Compliance

South Korea's Cybersecurity Regulations and Software Supply Chain Requirements

South Korea is strengthening cybersecurity regulations with new supply chain security frameworks. Here's the landscape for software vendors.

Feb 5, 20246 min read
Best Practices

Secure Boot UEFI and Software Supply Chain Links

How UEFI Secure Boot, shim, and Microsoft third-party UEFI CA connect to software supply chain risk in OS and firmware update pipelines.

Jan 30, 20245 min read
supply-chain (Page 46) — Safeguard Blog