Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
When a Ruby gem is yanked from RubyGems.org, it creates security risks for projects that depended on it. Understanding the yanking mechanism is critical for Ruby supply chain security.
Flutter's pub ecosystem is growing fast. The security tooling has not kept pace. Here is what you need to know about securing Dart dependencies.
Build systems transform source code into deployable artifacts. When attackers poison the build, every artifact is compromised. Here is how it happens.
Buying software through AWS Marketplace or Azure Marketplace feels safe. But what security verification actually happens before a listing goes live?
Publishing a package to a public registry makes your code part of thousands of supply chains. This checklist covers the security controls that responsible maintainers implement before and during publication.
Python's setup.py runs arbitrary code during package installation. Despite efforts to move to declarative metadata, the risk persists.
The wrong naming convention for internal packages makes dependency confusion attacks trivial. Here is how to name packages so attackers cannot substitute them.
Python wheels are the standard packaging format, but their security verification story has significant gaps that most developers never consider.
Risk scoring turns complex supply chain data into actionable numbers. But the algorithms behind these scores have assumptions and blind spots that security teams must understand.
Weekly insights on software supply chain security, delivered to your inbox.