Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

DevSecOps

Securing GitHub Actions: Hardening Your CI/CD Supply Chain

GitHub Actions is a powerful CI/CD platform — and a significant attack surface. Here's how to lock it down against supply chain threats.

Aug 15, 20226 min read
Container Security

Docker Image Layer Security Analysis: What Lurks Beneath Your Containers

Every Docker image is a stack of layers, and each one can introduce vulnerabilities. Learn how to dissect image layers for security risks and what tools actually help.

Aug 12, 20227 min read
Software Supply Chain Security

pip Install Hooks Security Risks: Code Execution During Package Installation

Running pip install can execute arbitrary code on your machine before you ever import the package. Here is how install hooks create risk.

Aug 8, 20224 min read
DevSecOps

Reproducible Builds: The Gold Standard for Supply Chain Integrity

If you can't rebuild a binary from source and get the same result, you can't verify that the binary matches the source. Reproducible builds close this fundamental trust gap.

Aug 1, 20228 min read
DevSecOps

Zero Trust Architecture for the Software Supply Chain

Zero trust isn't just for networks. Applying zero trust principles to your software supply chain fundamentally changes how you manage dependency risk.

Jul 28, 20226 min read
Architecture

Microservices Security Architecture: A Supply Chain Perspective

Microservices multiply your dependency surface. This guide covers service mesh security, inter-service authentication, and dependency management across distributed architectures.

Jul 25, 20227 min read
Offensive Security

Bug Bounty Programs with a Supply Chain Focus

Traditional bug bounty programs miss supply chain vulnerabilities. Here's how to design a bounty program that incentivizes researchers to hunt in your dependency chain.

Jul 18, 20227 min read
DevSecOps

GitHub Actions Security Best Practices in 2022

A practical guide to hardening your GitHub Actions workflows against supply chain attacks, secret leaks, and privilege escalation.

Jul 15, 20226 min read
Ransomware

BlackCat/ALPHV Ransomware: Rust-Based Innovation and Supply Chain Exploitation

BlackCat (ALPHV) brought Rust programming, triple extortion, and supply chain targeting to the ransomware-as-a-service model, raising the bar for both attackers and defenders.

Jul 12, 20227 min read
Infrastructure Security

CDN Supply Chain Security Risks You Should Know

Content delivery networks serve billions of software assets daily. When a CDN is compromised, the blast radius is enormous. Here's what CDN supply chain risks look like and how to defend against them.

Jul 8, 20226 min read
Threat Intelligence

Dark Web Monitoring for Supply Chain Threats

Software supply chain credentials, stolen signing keys, and zero-day exploits for build tools are traded on dark web forums. Monitoring these channels provides early warning of supply chain attacks.

Jul 5, 20225 min read
Software Supply Chain Security

npm Lockfile Injection Attacks: How Tampered package-lock.json Files Compromise Builds

Lockfile injection is a subtle supply chain attack where malicious changes to package-lock.json redirect dependency resolution to attacker-controlled packages. Here is how it works and how to detect it.

Jul 5, 20225 min read
supply-chain (Page 59) — Safeguard Blog