supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Securing GitHub Actions: Hardening Your CI/CD Supply Chain
GitHub Actions is a powerful CI/CD platform — and a significant attack surface. Here's how to lock it down against supply chain threats.
Docker Image Layer Security Analysis: What Lurks Beneath Your Containers
Every Docker image is a stack of layers, and each one can introduce vulnerabilities. Learn how to dissect image layers for security risks and what tools actually help.
pip Install Hooks Security Risks: Code Execution During Package Installation
Running pip install can execute arbitrary code on your machine before you ever import the package. Here is how install hooks create risk.
Reproducible Builds: The Gold Standard for Supply Chain Integrity
If you can't rebuild a binary from source and get the same result, you can't verify that the binary matches the source. Reproducible builds close this fundamental trust gap.
Zero Trust Architecture for the Software Supply Chain
Zero trust isn't just for networks. Applying zero trust principles to your software supply chain fundamentally changes how you manage dependency risk.
Microservices Security Architecture: A Supply Chain Perspective
Microservices multiply your dependency surface. This guide covers service mesh security, inter-service authentication, and dependency management across distributed architectures.
Bug Bounty Programs with a Supply Chain Focus
Traditional bug bounty programs miss supply chain vulnerabilities. Here's how to design a bounty program that incentivizes researchers to hunt in your dependency chain.
GitHub Actions Security Best Practices in 2022
A practical guide to hardening your GitHub Actions workflows against supply chain attacks, secret leaks, and privilege escalation.
BlackCat/ALPHV Ransomware: Rust-Based Innovation and Supply Chain Exploitation
BlackCat (ALPHV) brought Rust programming, triple extortion, and supply chain targeting to the ransomware-as-a-service model, raising the bar for both attackers and defenders.
CDN Supply Chain Security Risks You Should Know
Content delivery networks serve billions of software assets daily. When a CDN is compromised, the blast radius is enormous. Here's what CDN supply chain risks look like and how to defend against them.
Dark Web Monitoring for Supply Chain Threats
Software supply chain credentials, stolen signing keys, and zero-day exploits for build tools are traded on dark web forums. Monitoring these channels provides early warning of supply chain attacks.
npm Lockfile Injection Attacks: How Tampered package-lock.json Files Compromise Builds
Lockfile injection is a subtle supply chain attack where malicious changes to package-lock.json redirect dependency resolution to attacker-controlled packages. Here is how it works and how to detect it.