supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Poetry and Python Supply Chain Security
Poetry's lockfile is an asset. Its dependency resolver is a tradeoff. Here is how to run Poetry safely in a world of typosquats, dependency confusion, and unmaintained installers.
PDF Supply Chain Attack Vectors: When Documents Become Weapons
PDFs are trusted by default in most organizations. That trust makes them a potent vector for supply chain attacks. Here is how the attacks work.
Dependency Confusion in Private Registries: The Attack That Keeps Working
Dependency confusion exploits the gap between public and private package registries. Despite widespread awareness, organizations keep falling for it.
SBOMs for Microservices Architecture: Managing Complexity at Scale
When your application is 50 services with 50 dependency trees, SBOM management stops being simple. Here's how to handle it.
Supply Chain Incident Notification Laws: A Global Overview
Governments worldwide are mandating supply chain incident disclosure. Here is what organizations need to know about notification requirements across major jurisdictions.
Media and Entertainment Software Supply Chain Security
Streaming platforms, studios, and media companies depend on complex software stacks. Here's how the entertainment industry should approach supply chain security.
Azure Managed Identities and the Supply Chain
Managed identities are the credential primitive that fixes most supply chain risk in Azure — but only if you use them the way the service actually intends.
go mod tidy: The Security Implications
Running go mod tidy feels like harmless housekeeping, but the command can silently pull new code, update checksums, and reshape your dependency graph in ways that have real security consequences.
Green Software and Security: When Sustainability Meets Supply Chain Risk
The push for sustainable software is changing how we build and deploy applications. Security teams need to understand where green initiatives create new risks.
Software Updates in Air-Gapped Environments: Security Without Connectivity
Air-gapped environments protect critical infrastructure by eliminating network connectivity. But software still needs updates. Bridging this gap without introducing the risks you isolated against is the challenge.
South Korea's Cybersecurity Regulations and Software Supply Chain Requirements
South Korea is strengthening cybersecurity regulations with new supply chain security frameworks. Here's the landscape for software vendors.
Secure Boot UEFI and Software Supply Chain Links
How UEFI Secure Boot, shim, and Microsoft third-party UEFI CA connect to software supply chain risk in OS and firmware update pipelines.