Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Application Security

WebAssembly Security: A Deep Dive into the Sandbox Model

WebAssembly promises near-native performance with a strong security sandbox. But the sandbox model has nuances that developers and security teams must understand to avoid dangerous assumptions.

Jul 5, 20227 min read
Infrastructure Security

Securing Terraform Infrastructure as Code: A Practitioner's Guide

Your Terraform code defines your production infrastructure. If an attacker compromises your HCL files, state files, or provider plugins, they do not just get access — they get the keys to rebuild your entire environment on their terms.

Jun 18, 20228 min read
Risk Management

Building a Supply Chain Risk Appetite Framework

Every organization accepts some supply chain risk. The question is whether that acceptance is deliberate and documented or accidental and invisible.

Jun 18, 20226 min read
Supply Chain Security

Linux Distribution Package Signing: How It Actually Works

Package signing is the backbone of Linux software distribution security. Most teams trust it blindly without understanding the verification chain they depend on.

Jun 12, 20227 min read
Mobile Security

Mobile App Store Security Bypass: How Malicious Apps Evade Review

App store review processes catch most malware. But the bypass techniques that work reveal systematic gaps in mobile supply chain security.

Jun 12, 20225 min read
Application Security

Electron App Supply Chain Security: Desktop Apps Built on Web Dependencies

Electron apps ship a full Chromium browser and Node.js runtime to the desktop. That means every web supply chain risk becomes a desktop attack surface — with elevated privileges.

Jun 12, 20225 min read
Kubernetes Security

Kubernetes Supply Chain Policy Engines: Enforcing What Gets Deployed

Scanning for vulnerabilities means nothing if you cannot enforce the results. Supply chain policy engines in Kubernetes turn security findings into hard deployment gates.

Jun 8, 20226 min read
Network Security

Software-Defined Perimeters for Supply Chain Security

Software-Defined Perimeters can isolate build systems, artifact repositories, and deployment pipelines from unauthorized access. Here is how SDP applies to supply chain security.

Jun 5, 20225 min read
Hardware Security

Hardware Supply Chain Trust Boundaries

Hardware travels through dozens of hands before reaching your data center. Understanding and enforcing trust boundaries across the hardware supply chain is essential for building secure systems.

Jun 5, 20226 min read
DevSecOps

Software Provenance Tracking: From Source to Production

Software provenance answers the question: where did this code come from, who built it, and can I trust it? In 2022, provenance tracking moved from academic concept to practical necessity.

May 28, 20226 min read
Supply Chain Attacks

Maven Central Supply Chain Risks: Securing the Java Ecosystem

Maven Central is the backbone of the Java ecosystem, serving billions of artifact downloads annually. Its unique trust model and dependency resolution create supply chain risks that Java teams must understand.

May 15, 20226 min read
Supply Chain Security

Azure DevOps Supply Chain Risks: Securing Your Microsoft CI/CD Pipeline

Azure DevOps pipelines present unique supply chain risks from marketplace extensions to service connections. A breakdown of the attack surface and how to harden it.

Apr 15, 20226 min read
supply-chain (Page 60) — Safeguard Blog