VS Code Marketplace Malware Campaigns in 2025
A senior engineer's review of the 2025 VS Code Marketplace malware wave, including typosquats, trojanized themes, and extensions that stole npm tokens at scale.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
CMMC 2.0 rollout has made flow-down expectations concrete. AI-for-security tools used by DIB contractors are in scope, and the pass-through story matters.
Most scanners stop at five or six levels of transitive depth. Real production graphs run sixty levels deep, and the most interesting vulnerabilities live in the long tail.
Five years after President Biden signed EO 14028, we assess what it accomplished, what it missed, and what comes next.
Keyless Cosign signing with Fulcio and Rekor is the 2026 default. Here is the production workflow, policy configuration, and the failure modes nobody warns you about.
March 2026 at Safeguard.sh: Griffin taint tracking, Eagle SBOM-driven advisories, Lino cross-service baselines, and the new runner air-gap installer.
The FTC's widening enforcement posture after the MGM breach and related consent orders is reshaping software supply chain accountability for vendors and buyers.
The 2026 playbook for automated secret rotation: detection pipelines, credential broker patterns, blast-radius analysis, and CI integration that actually holds up in production.
CVE-2024-29849 is a CVSS 9.8 auth bypass in Veeam Backup Enterprise Manager. Root cause, exploitation, detection, and patching guidance.