supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
CISSP, CEH, OSCP: How Security Certifications Address Supply Chain Risks
Major security certifications are updating their content to cover supply chain threats. Here is what CISSP, CEH, and OSCP teach about supply chain security — and what they miss.
ChatGPT Plugins and the New Plugin Supply Chain Attack Surface
AI plugins connect LLMs to external services, creating a supply chain of trust that most users never examine. The risks are significant.
npm Install Script Security: The Code That Runs Before Your Code
npm install scripts execute arbitrary code during package installation. They are the most exploited vector in JavaScript supply chain attacks.
Securing Your Private Package Registry
Private package registries are high-value targets for supply chain attackers. Here is how to lock them down, from access controls to dependency confusion prevention.
The Security Implications of Package Bundlers
Bundlers transform your code and dependencies into production artifacts. The security implications of this transformation are significant and widely overlooked.
Legal Tech Software Security and Compliance Considerations
Law firms and legal tech companies handle privileged data through increasingly complex software. Here's how to manage the software supply chain risk.
HIPAA and Software Supply Chain Compliance for Health Tech
HIPAA's Security Rule requires safeguards that extend to software dependencies. Here's what health tech developers and vendors need to address.
Serverless Security: Supply Chain Risks in Lambda, Cloud Functions, and Azure Functions
Serverless architectures shift the attack surface from infrastructure to application dependencies. This guide covers the unique supply chain risks of serverless and how to address them.
Low-Code/No-Code Platforms: The Shadow Supply Chain in Your Organization
Citizen developers are building applications on low-code platforms faster than security teams can assess them. The supply chain risks are real and growing.
Malware Analysis Techniques for Suspicious npm Packages
When an npm package looks suspicious, you need a systematic approach to determine if it is malicious. These analysis techniques separate noise from genuine threats.
Subresource Integrity Failures: When CDN Trust Goes Wrong
SRI protects against CDN compromises and supply chain attacks on client-side scripts. Most web applications do not use it. Here is what they are missing.
Elixir and Hex Package Security: Protecting the BEAM Ecosystem
Elixir's Hex package manager serves a smaller but growing ecosystem. Smaller does not mean safer — here is what Elixir teams need to know about dependency security.