Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

DevSecOps

Tekton Pipeline Security Guide

Securing Tekton CI/CD pipelines on Kubernetes with task isolation, supply chain verification, and least-privilege service accounts.

Oct 22, 20225 min read
Security

Package Lock Files and Their Security Implications

Lock files are your first line of defense against dependency drift. This guide explains how package-lock.json, yarn.lock, and similar files protect your builds from supply chain manipulation.

Oct 18, 20228 min read
Developer Security

VS Code Extension Marketplace Security: The IDE Supply Chain

VS Code extensions run with the same privileges as your editor — which means full access to your source code, terminal, and credentials. The marketplace security model does not prevent malicious extensions.

Oct 18, 20225 min read
Compliance

GDPR and Software Supply Chain Obligations You Can't Ignore

GDPR's security requirements extend deep into software supply chains. Here's where data protection law meets dependency management.

Oct 8, 20226 min read
Industry Guides

Telecommunications Supply Chain Security: Protecting Critical Infrastructure

Telecom networks are critical infrastructure that depend on complex software supply chains. Here's how carriers and equipment providers should approach security.

Oct 5, 20227 min read
Infrastructure Security

Database Extensions as Supply Chain Risk: The Overlooked Attack Surface

PostgreSQL extensions, MySQL plugins, and database add-ons run with database-level privileges. A compromised extension has direct access to your data. Most organizations never audit them.

Sep 28, 20225 min read
Software Supply Chain Security

Compression Library Vulnerabilities: From zlib to the xz Backdoor

Compression libraries are everywhere and trusted implicitly. The xz backdoor proved that trust can be weaponized. Here is the full picture.

Sep 22, 20226 min read
Industry Guides

Retail and E-Commerce Software Supply Chain Security

E-commerce platforms process millions in transactions daily using open-source components. Here's how retail organizations should manage software supply chain risk.

Sep 15, 20227 min read
Software Supply Chain Security

Path Traversal in Dependency Installation: Writing Files Where They Should Not Go

Package archives can contain path traversal sequences that write files outside the expected directory. Most developers never check for this.

Sep 8, 20224 min read
Open Source Security

Rust Supply Chain Security: How crates.io Stacks Up Against npm and PyPI

Rust's crates.io registry has design advantages for supply chain security, but it's not immune. Here's an honest assessment of the Rust ecosystem.

Sep 8, 20226 min read
Supply Chain Attacks

Malicious GitHub Commits: The Overlooked Supply Chain Attack Vector

Attackers can impersonate any committer on GitHub, inject malicious code through PRs, and exploit lax review processes. Here's the risk.

Aug 20, 20227 min read
Supply Chain Security

Supply Chain Security for Government Agencies

Government agencies face unique software supply chain threats. Here's how federal and state organizations can protect critical infrastructure from compromise.

Aug 18, 20226 min read
supply-chain (Page 58) — Safeguard Blog