Safeguard.sh
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (1954)AI Security (294)DevSecOps (153)Open Source Security (132)Best Practices (126)Vulnerability Analysis (98)Incident Analysis (83)Industry Analysis (80)Application Security (73)Compliance (68)Container Security (64)Software Supply Chain Security (51)Vulnerability Management (47)Regulatory Compliance (42)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)SBOM & Compliance (19)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Vulnerability Analysis

CVE-2025-1974 Ingress NGINX Controller RCE

IngressNightmare - CVE-2025-1974 in Kubernetes ingress-nginx - gave unauthenticated attackers cluster-wide RCE. Here is how it worked and what to harden now.

Mar 7, 20268 min read
AI Security

The Reproducibility Crisis In AI Security Evals

ML research has a reproducibility crisis. AI security evaluation inherits it. Vendors publishing numbers that can't be reproduced are the norm — not the exception.

Mar 6, 20262 min read
AI Security

Griffin AI vs Claude Prompt Caching: Security

Claude's prompt caching gives you 90% discount on cached tokens. Security workloads have massive cacheable surface area. Griffin AI takes advantage; direct API use often does not.

Mar 6, 20262 min read
AI Security

Auth Bypass Discovery: Griffin AI vs Mythos

Auth bypasses are rarely a single bug. They live in the interaction between layers — middleware, route handlers, framework annotations. Finding them requires path analysis across abstraction layers.

Mar 6, 20265 min read
Best Practices

How to Generate an SBOM with GitHub Actions (2026)

SBOMs are a compliance table-stakes artifact in 2026. Here is a production GitHub Actions workflow that generates, signs, and attests a CycloneDX SBOM on every release.

Mar 6, 20266 min read
Open Source Security

PyPI 2FA Lessons Two Years In

PyPI mandated 2FA for all maintainers in 2024. Two years in, account takeovers dropped — but attackers shifted to OIDC tokens, abandoned packages, and maintainer devices.

Mar 6, 20267 min read
Best Practices

How to Detect Malicious npm Packages: A Workflow

A practical detection workflow for malicious npm packages: install-time signals, registry heuristics, reachability checks, and CI gates that actually block attacks.

Mar 6, 20267 min read
Best Practices

Procurement Security Questionnaires That Actually Work

How to design a supplier security questionnaire that produces usable signal, what to cut from standard templates, and how to integrate the output into real risk decisions.

Mar 6, 20267 min read
Product

Safeguard Desktop App 1.0 Release

The Safeguard desktop application is 1.0 on macOS, Windows, and Linux. It brings the full workflow engine, Local Runner, and offline posture reviews to developers.

Mar 6, 20267 min read
Page 20 of 218

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard.sh — Software Supply Chain Security Insights