supply-chain
Safeguard articles tagged "supply-chain" — guides, analysis, and best practices for software supply chain and application security.
749 articles
MFT Mass Exploitation Trend In 2026
Managed file transfer platforms have become a recurring epicenter of mass exploitation. We trace the 2026 incidents, the reused tradecraft, and what defenders should do now.
Pattern Scanners Can't Find Zero-Days. This Can.
Signature-based scanners only know what other people have already named. Here is the architectural reason they cannot find zero-days, and what actually does.
Stopping Risky Dependencies At PR Time, Not Production
Catching risky dependencies after they reach production is expensive. PR-time policy gates stop them at the cheapest moment, with the right context and reviewer attention.
Node.js Supply Chain Defence Program 2026
A practical 2026 blueprint for hardening Node.js supply chains across npm, lockfiles, scripts, and runtime — and where Safeguard plugs into the program.
Vendor Questionnaire Fatigue And How To End It
Security questionnaires have ballooned into 400-row spreadsheets that nobody reads carefully. Here is how to replace the ritual with evidence ingestion that actually changes vendor risk decisions.
You Cannot Secure What You Cannot See: Asset Discovery
Most breaches start with an asset nobody remembered owning. Continuous asset discovery is the foundation that every other control depends on.
Audit Prep: Month To Week With Continuous Evidence
Replace last-minute audit scrambles with continuously generated supply chain evidence. Learn how compliance teams compress preparation timelines from weeks to days.
Building A Defensible SBOM Program In 90 Days
A pragmatic 90-day blueprint for standing up an SBOM program that survives auditor scrutiny, procurement reviews, and incident response without burning out your platform team.
Rolling Out Zero-CVE Base Images Org-Wide
A pragmatic playbook for migrating an entire engineering organisation onto zero-CVE base images, covering pilot selection, registry mirroring, drift control, and the hard people-side of the rollout.
Qilin Ransomware Supply Chain Tactics 2025
Qilin became a top ransomware operator in 2024-2025 by pairing edge-device exploitation with managed service provider compromise. Here is the supply chain breakdown.
npm Account Takeover Pattern Evolution
npm account takeovers have shifted from opportunistic phishing to coordinated, multi-stage operations. We trace the 2025 to 2026 evolution and what it means for maintainers.
Phased Policy Rollout: Warn To Block In Six Weeks
Hard-blocking a new policy on day one breaks builds and trust. A phased rollout from warn to block earns the right to enforce by proving the policy is correct first.