Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Open Source Security

How to Detect Typosquatting in Package Installs

Build a pre-install guard that catches typosquatted npm, PyPI, and RubyGems dependencies using Levenshtein distance, download-count heuristics, and registry APIs.

Jan 15, 20245 min read
Lifecycle Management

Software Component Lifecycle Management

Components do not stay secure forever. This guide covers managing the full lifecycle of software dependencies -- from adoption through deprecation -- with a focus on security and operational continuity.

Jan 15, 20247 min read
Software Supply Chain Security

How to Security Audit an Open Source Project Before Adoption

Adopting an open source dependency is a trust decision. This guide provides a structured methodology for evaluating the security posture of open source projects before adding them to your supply chain.

Jan 15, 20246 min read
Ransomware

Akira Ransomware: Exploiting VPN Vulnerabilities for Supply Chain Entry

Akira ransomware systematically exploited Cisco VPN vulnerabilities as its primary entry vector, targeting organizations through the network infrastructure they trusted most.

Jan 12, 20247 min read
Industry Trends

Platform Engineering and Security: Building Guardrails, Not Gates

Platform engineering teams are becoming the stewards of developer experience. Here's how to make supply chain security a built-in capability, not a bolt-on burden.

Jan 12, 20245 min read
Software Supply Chain Security

Ansible Galaxy Security Risks: The Infrastructure Supply Chain You Forgot About

Ansible Galaxy roles and collections execute with root privileges on your infrastructure. Most teams apply zero security scrutiny to them.

Jan 8, 20244 min read
Software Supply Chain Security

Gradle Plugin Security Risks: The Code That Runs Before Your Code

Gradle plugins execute during your build with full access to your environment. Most teams never audit them. Here is why that is dangerous.

Jan 8, 20244 min read
Open Source Security

npm Registry Governance and the Security of node_modules

The npm registry serves billions of downloads per week. Its governance decisions directly impact the security of every Node.js application on the planet.

Jan 8, 20247 min read
Supply Chain Attacks

Software Supply Chain Security in 2023: Year in Review

From the MOVEit mass exploitation to AI model risks, 2023 proved that supply chain attacks are accelerating in both sophistication and scale. Here's what we learned.

Dec 20, 20235 min read
DevSecOps

Building a Security Automation Playbook Library for Supply Chain Defense

Security automation playbooks codify response procedures into executable workflows. A well-designed playbook library turns supply chain incidents from fire drills into routine operations.

Dec 18, 20236 min read
Offensive Security

Red Team Supply Chain Attack Simulation

How red teams can simulate real-world supply chain attacks to test organizational defenses—from dependency confusion to build pipeline compromise.

Dec 18, 20236 min read
Infrastructure Security

Puppet Forge Supply Chain Security: Trusting Your Configuration Management

Puppet modules from the Forge run with root-level access on your servers. The supply chain security of these modules deserves the same scrutiny as any dependency.

Dec 12, 20235 min read
supply-chain (Page 47) — Safeguard Blog