supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Post-Install Hooks Across Package Managers: A Comparative Security Analysis
Every package ecosystem handles install-time code execution differently. Some are permissive, some restrictive, and the differences matter for supply chain security.
How to Verify a PyPI Package Before Install
A practical pre-install verification workflow for PyPI packages covering sigstore attestations, maintainer checks, and sdist auditing.
Purple Team Exercises for Supply Chain Security
Purple team exercises combine offensive and defensive perspectives to test supply chain defenses. Here is how to structure exercises that improve both detection capabilities and attack understanding.
How to Audit npm Postinstall Scripts Safely
Inspect every lifecycle script in your node_modules tree, disable dangerous ones by default, and catch malicious postinstall hooks before they execute.
Chainguard Images: The Zero-CVE Container Base Image Revolution
Chainguard ships container images with zero known CVEs. That sounds like marketing until you understand how they build them. Here is the technical reality behind the claim.
AI Model Supply Chain Risks: Hugging Face and the New Attack Surface
As organizations download pre-trained models from Hugging Face and other model hubs, the AI supply chain introduces risks that traditional software security tools don't address.
Security Considerations When Migrating from Monolith to Microservices
Decomposing a monolith into microservices changes the attack surface fundamentally. The security model that worked for the monolith will not work for the distributed system.
Singapore's Cybersecurity Act and Software Supply Chain Obligations
Singapore's regulatory approach to cybersecurity is maturing fast, with supply chain security becoming a central pillar. Here's what's changing.
The LLM Supply Chain: Risks Hiding in Foundation Models
Large language models have their own supply chains: training data, fine-tuning datasets, model weights, and serving infrastructure. Each layer introduces risk.
SBOMs in the Automotive Industry: Navigating Software-Defined Vehicles
Modern vehicles contain over 100 million lines of code. The automotive industry is waking up to software supply chain security, and SBOMs are central to the response.
CMMC 2.0 and Software Supply Chain Security: A Practical Guide
CMMC 2.0 is reshaping defense contracting requirements. Here's how software supply chain security maps to the new maturity model.
Dependency Hijacking Prevention: A Comprehensive Guide
Dependency hijacking encompasses multiple attack techniques that redirect dependency resolution to attacker-controlled packages. This guide covers all major hijacking vectors and their countermeasures.