supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
Sigstore and Cosign: Software Signing for the Rest of Us
Sigstore makes software signing accessible by eliminating the pain of key management. Here's how Cosign, Fulcio, and Rekor work together to verify software integrity.
Python PyPI Malware Campaigns in 2021
Malicious packages on PyPI surged in 2021, targeting developers with credential stealers, backdoors, and data exfiltration. Here's what the campaigns look like and how to defend against them.
GitHub Actions Security: Hidden Supply Chain Risks
GitHub Actions workflows execute third-party code with access to your repository secrets. Most teams don't realize how much trust they're placing in action authors.
Travis CI Token Leak Retrospective
Travis CI exposed secrets from public repo forks for weeks in 2021. Here is the exact defect, who was affected, and the permanent takeaways.
SLSA Framework Introduction: Securing Supply Chain Integrity
Google's SLSA framework provides a graduated model for supply chain integrity, from basic provenance to fully verified builds. Here's how it works and why it matters.
Securing CI/CD Pipelines from Supply Chain Attacks
CI/CD pipelines are the new attack surface. From poisoned dependencies to compromised build tools, here's how to lock down your software delivery infrastructure.
Typosquatting Attacks on npm and PyPI Explained
Attackers exploit human typos to distribute malware through package registries. Here's how typosquatting works, real examples, and how to protect your builds.
DNS Hijacking and Its Supply Chain Implications
DNS hijacking can redirect software updates, package downloads, and API calls to attacker-controlled servers. Here's how this underrated attack vector threatens your entire software supply chain.
Open Source Security: State of the Union 2021
Open source powers the modern internet, but its security model is under strain. Here's the 2021 landscape of open source risk, from funding to maintainer burnout to malicious packages.
Why Software Bill of Materials Matter
SBOMs are the foundation of software supply chain security. Without knowing what's in your software, you can't secure it. Here's why SBOMs matter and how to get started.
Disaster Recovery Planning for Software Supply Chain Incidents
When a supply chain attack hits, your DR plan needs to cover more than just infrastructure failover. Here is how to prepare for the worst.
JBS Foods Ransomware Attack: When Hackers Targeted the World's Meat Supply
REvil ransomware shut down the world's largest meat processor, disrupting supply chains across the US, Australia, and Canada — and resulted in an $11 million ransom payment.