Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Software Supply Chain Security

Cross-Language Dependency Analysis: Bridging npm, pip, Maven, and Beyond

Modern applications use multiple languages and package ecosystems. Analyzing dependencies across these boundaries requires techniques that single-ecosystem tools cannot provide.

Mar 18, 20236 min read
Software Supply Chain Security

Go Module Checksum Database: How It Secures Your Dependencies

Go checksum database is one of the most underappreciated supply chain security features in any language ecosystem. Here is how it works and where it falls short.

Mar 18, 20235 min read
Emerging Technology

Web3 Smart Contract Dependencies: A Supply Chain Security Blind Spot

Smart contracts import code from unaudited libraries, creating supply chain risks that have already led to billions in losses. The Web3 ecosystem needs better tooling.

Mar 15, 20235 min read
Browser Security

Chrome Extension Manifest V3: What It Means for Browser Supply Chain Security

Chrome's Manifest V3 restricts extension capabilities in the name of security. The changes help, but they do not solve the browser extension supply chain problem.

Mar 15, 20235 min read
Open Source Security

Go Modules Checksum Database: Five Years In

sum.golang.org went public in August 2019. After four years of production, here is what the Go checksum database got right and what it did not.

Mar 12, 20236 min read
Container Security

BuildKit and Buildah: Building Containers Without Giving Away the Keys

Container build tools have direct access to your source code, secrets, and registries. BuildKit and Buildah offer security features that most teams ignore. Here is what to use and why.

Mar 12, 20236 min read
Social Engineering

Email Security and Supply Chain Phishing Attacks

Phishing remains the top initial access vector for supply chain attacks. Targeted emails against developers, maintainers, and DevOps engineers open the door to code injection, credential theft, and pipeline compromise.

Mar 8, 20236 min read
Software Supply Chain Security

Maven Dependency Resolution Attacks: Exploiting Java's Build System

Maven's dependency resolution mechanism can be exploited through repository poisoning, dependency confusion, and POM manipulation. Here is what Java teams need to know.

Mar 5, 20235 min read
Software Supply Chain Security

Automating Typosquatting Detection for Package Registries

Typosquatting remains one of the most effective supply chain attacks. Automated detection using string distance algorithms, behavioral analysis, and registry monitoring can catch malicious packages before they reach your builds.

Mar 5, 20235 min read
Compliance

Australia's Critical Infrastructure Security Act and Software Supply Chain Risk

Australia's SOCI Act imposes strict cybersecurity obligations on critical infrastructure. Here's what software suppliers need to understand.

Mar 5, 20236 min read
DevSecOps

SBOM Sharing and Distribution Best Practices

Generating SBOMs is only half the battle. Sharing them securely and effectively with stakeholders requires careful planning and tooling.

Feb 15, 20236 min read
Security Architecture

Defense in Depth for the Software Supply Chain

No single control stops supply chain attacks. Defense in depth — layered controls across the entire software lifecycle — is the only strategy that works against sophisticated adversaries.

Feb 15, 20235 min read
supply-chain (Page 55) — Safeguard Blog