Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Each package manager has its own security model, attack surface, and best practices. This guide compares npm, pip, and Maven from a supply chain security perspective.
Government agencies face unique software supply chain threats. Here's how federal and state organizations can protect critical infrastructure from compromise.
Docker Content Trust never gained traction. Notary v2, now called Notation, is the replacement. Here is how to implement it and what has changed.
Package signing is the backbone of Linux software distribution security. Most teams trust it blindly without understanding the verification chain they depend on.
Container image signing has gone through multiple iterations. Here is where the OCI standards stand now and what you need to implement.
Azure DevOps pipelines present unique supply chain risks from marketplace extensions to service connections. A breakdown of the attack surface and how to harden it.
XcodeGhost compromised Apple's developer toolchain by distributing a modified Xcode IDE. Years later, the attack remains a textbook example of build-tool supply chain compromise.
Weekly insights on software supply chain security, delivered to your inbox.