Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
NuGet packages can be tampered with at multiple points in the supply chain. Here is how to detect and prevent package tampering in your .NET projects.
Starjacking exploits the trust developers place in GitHub stars and repository metadata. Attackers link malicious packages to popular repositories to appear legitimate. Here is how it works.
Microsegmentation limits lateral movement after a breach. Applied to software supply chains, it contains the blast radius when a dependency, build tool, or vendor is compromised.
While organizations were still reeling from the first MOVEit zero-day, a second critical vulnerability was found — raising questions about the product's security.
Every software download, package install, and API call starts with a DNS query. DNS compromise redirects your supply chain at the most fundamental level — and most organizations have no visibility.
Major security certifications are updating their content to cover supply chain threats. Here is what CISSP, CEH, and OSCP teach about supply chain security — and what they miss.
npm install scripts execute arbitrary code during package installation. They are the most exploited vector in JavaScript supply chain attacks.
When an npm package looks suspicious, you need a systematic approach to determine if it is malicious. These analysis techniques separate noise from genuine threats.
SRI protects against CDN compromises and supply chain attacks on client-side scripts. Most web applications do not use it. Here is what they are missing.
Weekly insights on software supply chain security, delivered to your inbox.