supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Tekton Pipeline Security Guide
Securing Tekton CI/CD pipelines on Kubernetes with task isolation, supply chain verification, and least-privilege service accounts.
Package Lock Files and Their Security Implications
Lock files are your first line of defense against dependency drift. This guide explains how package-lock.json, yarn.lock, and similar files protect your builds from supply chain manipulation.
VS Code Extension Marketplace Security: The IDE Supply Chain
VS Code extensions run with the same privileges as your editor — which means full access to your source code, terminal, and credentials. The marketplace security model does not prevent malicious extensions.
GDPR and Software Supply Chain Obligations You Can't Ignore
GDPR's security requirements extend deep into software supply chains. Here's where data protection law meets dependency management.
Telecommunications Supply Chain Security: Protecting Critical Infrastructure
Telecom networks are critical infrastructure that depend on complex software supply chains. Here's how carriers and equipment providers should approach security.
Database Extensions as Supply Chain Risk: The Overlooked Attack Surface
PostgreSQL extensions, MySQL plugins, and database add-ons run with database-level privileges. A compromised extension has direct access to your data. Most organizations never audit them.
Compression Library Vulnerabilities: From zlib to the xz Backdoor
Compression libraries are everywhere and trusted implicitly. The xz backdoor proved that trust can be weaponized. Here is the full picture.
Retail and E-Commerce Software Supply Chain Security
E-commerce platforms process millions in transactions daily using open-source components. Here's how retail organizations should manage software supply chain risk.
Path Traversal in Dependency Installation: Writing Files Where They Should Not Go
Package archives can contain path traversal sequences that write files outside the expected directory. Most developers never check for this.
Rust Supply Chain Security: How crates.io Stacks Up Against npm and PyPI
Rust's crates.io registry has design advantages for supply chain security, but it's not immune. Here's an honest assessment of the Rust ecosystem.
Malicious GitHub Commits: The Overlooked Supply Chain Attack Vector
Attackers can impersonate any committer on GitHub, inject malicious code through PRs, and exploit lax review processes. Here's the risk.
Supply Chain Security for Government Agencies
Government agencies face unique software supply chain threats. Here's how federal and state organizations can protect critical infrastructure from compromise.