Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Software Supply Chain Security

Post-Install Hooks Across Package Managers: A Comparative Security Analysis

Every package ecosystem handles install-time code execution differently. Some are permissive, some restrictive, and the differences matter for supply chain security.

Dec 10, 20235 min read
Open Source Security

How to Verify a PyPI Package Before Install

A practical pre-install verification workflow for PyPI packages covering sigstore attestations, maintainer checks, and sdist auditing.

Dec 5, 20235 min read
DevSecOps

Purple Team Exercises for Supply Chain Security

Purple team exercises combine offensive and defensive perspectives to test supply chain defenses. Here is how to structure exercises that improve both detection capabilities and attack understanding.

Dec 5, 20235 min read
Open Source Security

How to Audit npm Postinstall Scripts Safely

Inspect every lifecycle script in your node_modules tree, disable dangerous ones by default, and catch malicious postinstall hooks before they execute.

Nov 22, 20234 min read
Container Security

Chainguard Images: The Zero-CVE Container Base Image Revolution

Chainguard ships container images with zero known CVEs. That sounds like marketing until you understand how they build them. Here is the technical reality behind the claim.

Nov 22, 20236 min read
AI Security

AI Model Supply Chain Risks: Hugging Face and the New Attack Surface

As organizations download pre-trained models from Hugging Face and other model hubs, the AI supply chain introduces risks that traditional software security tools don't address.

Nov 20, 20235 min read
Application Security

Security Considerations When Migrating from Monolith to Microservices

Decomposing a monolith into microservices changes the attack surface fundamentally. The security model that worked for the monolith will not work for the distributed system.

Nov 18, 20237 min read
Compliance

Singapore's Cybersecurity Act and Software Supply Chain Obligations

Singapore's regulatory approach to cybersecurity is maturing fast, with supply chain security becoming a central pillar. Here's what's changing.

Nov 10, 20235 min read
AI Security

The LLM Supply Chain: Risks Hiding in Foundation Models

Large language models have their own supply chains: training data, fine-tuning datasets, model weights, and serving infrastructure. Each layer introduces risk.

Nov 8, 20235 min read
Industry Analysis

SBOMs in the Automotive Industry: Navigating Software-Defined Vehicles

Modern vehicles contain over 100 million lines of code. The automotive industry is waking up to software supply chain security, and SBOMs are central to the response.

Nov 5, 20236 min read
Compliance

CMMC 2.0 and Software Supply Chain Security: A Practical Guide

CMMC 2.0 is reshaping defense contracting requirements. Here's how software supply chain security maps to the new maturity model.

Nov 5, 20236 min read
Software Supply Chain Security

Dependency Hijacking Prevention: A Comprehensive Guide

Dependency hijacking encompasses multiple attack techniques that redirect dependency resolution to attacker-controlled packages. This guide covers all major hijacking vectors and their countermeasures.

Nov 5, 20235 min read
supply-chain (Page 48) — Safeguard Blog