Safeguard.sh
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (1954)AI Security (294)DevSecOps (153)Open Source Security (132)Best Practices (126)Vulnerability Analysis (98)Incident Analysis (83)Industry Analysis (80)Application Security (73)Compliance (68)Container Security (64)Software Supply Chain Security (51)Vulnerability Management (47)Regulatory Compliance (42)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)SBOM & Compliance (19)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Best Practices

How to Scan Docker Images for Vulnerabilities

A production-grade vulnerability scanning pipeline for Docker images using Trivy and Grype, with reachability-based prioritization and admission enforcement.

Mar 17, 20267 min read
Emerging Technology

GitHub Actions Cache Poisoning Attack Class 2025

GitHub Actions caches were never designed as a trust boundary. In 2025 researchers turned that mismatch into a repeatable supply-chain attack pattern.

Mar 17, 20268 min read
Compliance

NIST SP 800-161 Rev. 2 Third-Party Risk 2026

NIST SP 800-161 Rev. 2 reshapes cyber supply chain risk management for federal contractors and commercial buyers. Here is what engineers must operationalize.

Mar 17, 20267 min read
Incident Analysis

Docker Hub Exposed Secrets at Scale 2024

Researchers keep finding valid AWS, GitHub, and cloud credentials baked into public Docker Hub images. What the 2024 data shows and how to stop shipping secrets.

Mar 17, 20268 min read
AI Security

Benchmark Reproducibility: Griffin AI vs Mythos

A benchmark you can't reproduce is marketing. A benchmark you can rerun on your own infrastructure is evidence. The reproducibility gap is wide.

Mar 16, 20266 min read
AI Security

Prompt Injection Defences: Griffin AI vs Mythos

Prompt injection is the defining AI security problem of this generation. The defences are structural, not cosmetic — and the architectural choices show.

Mar 16, 20264 min read
AI Security

Griffin AI vs Windsurf Cascade for Security Review

Windsurf's Cascade agent is among the more capable in-editor agents. For security review specifically, it's a complement to Griffin AI, not a replacement.

Mar 16, 20262 min read
Compliance

Supply Chain Security for Aerospace & Defense (DoD) 2026

Supply chain security for aerospace and defense contractors in 2026 means CMMC 2.0 final rule, DFARS 7012/7020/7021, and NIST 800-171 Rev 3 in production.

Mar 16, 20267 min read
AI Security

Enterprise AI Metric Design For Executive Reporting

AI-for-security metrics that show up on board slides are different from the ones engineers use day-to-day. Designing both sets properly is the work.

Mar 15, 20261 min read
Page 12 of 218

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard.sh — Software Supply Chain Security Insights