Safeguard.sh
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (80)AI Security (294)DevSecOps (153)Open Source Security (132)Best Practices (126)Vulnerability Analysis (98)Incident Analysis (83)Industry Analysis (80)Application Security (73)Compliance (68)Container Security (64)Software Supply Chain Security (51)Vulnerability Management (47)Regulatory Compliance (42)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)SBOM & Compliance (19)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Industry Analysis

SentinelOne Supply Chain Detection Logic for Build Systems

How to extend SentinelOne's behavioral detection engine to cover build agents, package registries, and developer endpoints without drowning analysts in false positives.

Jul 22, 20247 min read
Industry Analysis

Clop: Supply Chain Exploitation Tradecraft

Clop has turned supply chain exploitation into a repeatable playbook — MOVEit, GoAnywhere, Cleo. A look at the tradecraft that makes the campaign work.

Jun 15, 20246 min read
Industry Analysis

Elastic Security Supply Chain Signals

How to surface software supply chain threats in Elastic Security using EQL, detection rules, and the Elastic Common Schema for build pipeline and registry events.

Jun 15, 20247 min read
Industry Analysis

Insurance Industry Software Supply Chain

Insurers underwrite cyber risk while running on the same fragile dependency graphs as everyone else. A look at the industry's software supply chain blind spots.

May 30, 20246 min read
Industry Analysis

Sumo Logic for Supply Chain Observability: A Practitioner's Guide

Architect Sumo Logic dashboards, queries, and anomaly detection for software supply chain visibility across SCM, CI/CD, registries, and cloud runtime.

May 22, 20247 min read
Industry Analysis

APT29 Cozy Bear: Supply Chain Tradecraft

How Russia's SVR-linked APT29 quietly industrialized supply chain compromise from SolarWinds to TeamCity and JetBrains tooling.

May 10, 20246 min read
Industry Analysis

Chronicle Security Supply Chain Queries

Writing YARA-L detection rules and UDM queries in Google Chronicle (now Security Operations) to catch software supply chain threats at scale.

Apr 30, 20246 min read
Industry Analysis

Critical Infrastructure Software Supply Chain

How the 16 critical infrastructure sectors are absorbing software supply chain obligations under PPD-21, NSM-22, and CISA's emerging frameworks.

Apr 28, 20247 min read
Industry Analysis

Corporate OSS Contribution Policies

Google, Microsoft, Red Hat, and a long tail of smaller companies have built contribution policies that shape how their engineers participate in open source. The policies vary more than most assume.

Apr 22, 20247 min read
Page 8 of 9

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard.sh — Software Supply Chain Security Insights