Safeguard.sh
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Filtering by tag:#Build Security17 articles
All (17)AI Security (294)DevSecOps (153)Open Source Security (132)Best Practices (126)Vulnerability Analysis (98)Incident Analysis (83)Industry Analysis (80)Application Security (73)Compliance (68)Container Security (64)Software Supply Chain Security (51)Vulnerability Management (47)Regulatory Compliance (42)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)SBOM & Compliance (19)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
DevSecOps

Software Attestation in Practice: From Theory to Implementation

Software attestation is moving from academic concept to practical requirement. Here's how to implement it in your build pipelines today.

Apr 8, 20236 min read
DevSecOps

3CX Attack Lessons: What Every Software Vendor Must Do Differently

The 3CX supply chain attack exposed critical gaps in how software vendors protect their build pipelines. Here are the concrete lessons.

Apr 2, 20237 min read
Software Supply Chain Security

Maven Dependency Resolution Attacks: Exploiting Java's Build System

Maven's dependency resolution mechanism can be exploited through repository poisoning, dependency confusion, and POM manipulation. Here is what Java teams need to know.

Mar 5, 20235 min read
Network Security

VPN Security for Remote Development Teams: Beyond the Basics

Remote development teams depend on VPNs, but misconfigured VPNs create supply chain risks. Split tunneling, credential management, and endpoint security all affect build pipeline integrity.

Feb 5, 20235 min read
DevSecOps

Makefile Injection Attacks: When Build Automation Becomes a Weapon

Makefiles execute shell commands by design. When those commands incorporate untrusted input, the results are predictably dangerous.

Oct 30, 20224 min read
DevSecOps

Environment Variable Injection in CI/CD: The Invisible Attack Surface

CI/CD pipelines trust environment variables implicitly. Injecting or modifying them can hijack builds, steal secrets, and compromise deployments.

Jun 20, 20224 min read
Network Security

Software-Defined Perimeters for Supply Chain Security

Software-Defined Perimeters can isolate build systems, artifact repositories, and deployment pipelines from unauthorized access. Here is how SDP applies to supply chain security.

Jun 5, 20225 min read
DevSecOps

Temp File Race Conditions in Build Systems: The TOCTOU Problem

Build systems create and process temporary files constantly. Race conditions in temp file handling can be exploited to inject malicious content into builds.

Apr 15, 20225 min read
Page 2 of 2

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard.sh — Software Supply Chain Security Insights