Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

DevSecOps

Sigstore and Cosign: Software Signing for the Rest of Us

Sigstore makes software signing accessible by eliminating the pain of key management. Here's how Cosign, Fulcio, and Rekor work together to verify software integrity.

Oct 25, 20216 min read
Open Source Security

Python PyPI Malware Campaigns in 2021

Malicious packages on PyPI surged in 2021, targeting developers with credential stealers, backdoors, and data exfiltration. Here's what the campaigns look like and how to defend against them.

Oct 15, 20215 min read
DevSecOps

GitHub Actions Security: Hidden Supply Chain Risks

GitHub Actions workflows execute third-party code with access to your repository secrets. Most teams don't realize how much trust they're placing in action authors.

Sep 25, 20215 min read
Incident Analysis

Travis CI Token Leak Retrospective

Travis CI exposed secrets from public repo forks for weeks in 2021. Here is the exact defect, who was affected, and the permanent takeaways.

Sep 20, 20216 min read
DevSecOps

SLSA Framework Introduction: Securing Supply Chain Integrity

Google's SLSA framework provides a graduated model for supply chain integrity, from basic provenance to fully verified builds. Here's how it works and why it matters.

Sep 1, 20216 min read
DevSecOps

Securing CI/CD Pipelines from Supply Chain Attacks

CI/CD pipelines are the new attack surface. From poisoned dependencies to compromised build tools, here's how to lock down your software delivery infrastructure.

Aug 20, 20216 min read
Supply Chain Attacks

Typosquatting Attacks on npm and PyPI Explained

Attackers exploit human typos to distribute malware through package registries. Here's how typosquatting works, real examples, and how to protect your builds.

Aug 10, 20215 min read
Network Security

DNS Hijacking and Its Supply Chain Implications

DNS hijacking can redirect software updates, package downloads, and API calls to attacker-controlled servers. Here's how this underrated attack vector threatens your entire software supply chain.

Aug 5, 20216 min read
Open Source Security

Open Source Security: State of the Union 2021

Open source powers the modern internet, but its security model is under strain. Here's the 2021 landscape of open source risk, from funding to maintainer burnout to malicious packages.

Aug 1, 20216 min read
DevSecOps

Why Software Bill of Materials Matter

SBOMs are the foundation of software supply chain security. Without knowing what's in your software, you can't secure it. Here's why SBOMs matter and how to get started.

Jul 25, 20216 min read
Risk Management

Disaster Recovery Planning for Software Supply Chain Incidents

When a supply chain attack hits, your DR plan needs to cover more than just infrastructure failover. Here is how to prepare for the worst.

Jun 22, 20217 min read
Ransomware

JBS Foods Ransomware Attack: When Hackers Targeted the World's Meat Supply

REvil ransomware shut down the world's largest meat processor, disrupting supply chains across the US, Australia, and Canada — and resulted in an $11 million ransom payment.

Jun 5, 20216 min read
supply-chain (Page 62) — Safeguard Blog