Safeguard
Tag

supply-chain

Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.

749 articles

Industry Analysis

MFT Mass Exploitation Trend In 2026

Managed file transfer platforms have become a recurring epicenter of mass exploitation. We trace the 2026 incidents, the reused tradecraft, and what defenders should do now.

Apr 13, 20267 min read
AI Security

Pattern Scanners Can't Find Zero-Days. This Can.

Signature-based scanners only know what other people have already named. Here is the architectural reason they cannot find zero-days, and what actually does.

Apr 13, 20267 min read
Best Practices

Stopping Risky Dependencies At PR Time, Not Production

Catching risky dependencies after they reach production is expensive. PR-time policy gates stop them at the cheapest moment, with the right context and reviewer attention.

Apr 13, 20267 min read
Open Source Security

Node.js Supply Chain Defence Program 2026

A practical 2026 blueprint for hardening Node.js supply chains across npm, lockfiles, scripts, and runtime — and where Safeguard plugs into the program.

Apr 12, 20267 min read
Best Practices

Vendor Questionnaire Fatigue And How To End It

Security questionnaires have ballooned into 400-row spreadsheets that nobody reads carefully. Here is how to replace the ritual with evidence ingestion that actually changes vendor risk decisions.

Apr 12, 20267 min read
Best Practices

You Cannot Secure What You Cannot See: Asset Discovery

Most breaches start with an asset nobody remembered owning. Continuous asset discovery is the foundation that every other control depends on.

Apr 12, 20267 min read
Regulatory Compliance

Audit Prep: Month To Week With Continuous Evidence

Replace last-minute audit scrambles with continuously generated supply chain evidence. Learn how compliance teams compress preparation timelines from weeks to days.

Apr 11, 20267 min read
SBOM & Compliance

Building A Defensible SBOM Program In 90 Days

A pragmatic 90-day blueprint for standing up an SBOM program that survives auditor scrutiny, procurement reviews, and incident response without burning out your platform team.

Apr 11, 20266 min read
Container Security

Rolling Out Zero-CVE Base Images Org-Wide

A pragmatic playbook for migrating an entire engineering organisation onto zero-CVE base images, covering pilot selection, registry mirroring, drift control, and the hard people-side of the rollout.

Apr 11, 20267 min read
Threat Intelligence

Qilin Ransomware Supply Chain Tactics 2025

Qilin became a top ransomware operator in 2024-2025 by pairing edge-device exploitation with managed service provider compromise. Here is the supply chain breakdown.

Apr 11, 20268 min read
Industry Analysis

npm Account Takeover Pattern Evolution

npm account takeovers have shifted from opportunistic phishing to coordinated, multi-stage operations. We trace the 2025 to 2026 evolution and what it means for maintainers.

Apr 9, 20267 min read
Best Practices

Phased Policy Rollout: Warn To Block In Six Weeks

Hard-blocking a new policy on day one breaks builds and trust. A phased rollout from warn to block earns the right to enforce by proving the policy is correct first.

Apr 9, 20267 min read
supply-chain (Page 9) — Safeguard Blog