Safeguard.sh
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Filtering by tag:#github16 articles
All (16)AI Security (294)DevSecOps (153)Open Source Security (132)Best Practices (126)Vulnerability Analysis (98)Incident Analysis (83)Industry Analysis (80)Application Security (73)Compliance (68)Container Security (64)Software Supply Chain Security (51)Vulnerability Management (47)Regulatory Compliance (42)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)SBOM & Compliance (19)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Tool Reviews

GitHub Advanced Security: CodeQL, Dependabot, and Secret Scanning in Practice

A review of GitHub Advanced Security covering CodeQL SAST, Dependabot SCA, secret scanning, and how the integrated security experience works for development teams.

Jul 8, 20236 min read
Tool Comparisons

Dependabot vs Renovate: Which Dependency Update Bot Should You Use?

A practical guide comparing Dependabot and Renovate for automated dependency updates, covering configuration flexibility, ecosystem support, and team workflows.

Jan 25, 20236 min read
Incident Analysis

Slack GitHub Repository Theft: Stolen Tokens and the Risks of Third-Party Integrations

In December 2022, Slack disclosed that stolen employee tokens were used to access private GitHub repositories. The breach highlighted the risks of token-based authentication in CI/CD pipelines.

Jan 4, 20236 min read
DevSecOps

GitHub Repository Security Settings Guide

Configure GitHub repository security settings for branch protection, secret scanning, dependency alerts, and code scanning.

Dec 12, 20225 min read
Vulnerability Analysis

GitHub Code Signing Bypass: When the Trust Anchor Fails

A vulnerability in GitHub's commit signature verification allowed attackers to forge signed commits. The flaw undermined the integrity guarantees that code signing is supposed to provide.

Dec 5, 20226 min read
How-To Guide

Setting Up Dependency Scanning on GitHub

A hands-on walkthrough for configuring automated dependency scanning in your GitHub repositories, from Dependabot alerts to custom CI workflows.

Aug 22, 20226 min read
DevSecOps

The GitHub Codespaces Security Model, Examined

GitHub Codespaces has gone GA and is about to become the dev environment standard. Here is a close read of its security model — including what it does not solve.

Jun 22, 20227 min read
Page 2 of 2

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard.sh — Software Supply Chain Security Insights