Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Prompt injection is not just an application vulnerability. When LLMs process content from the software supply chain -- package descriptions, README files, commit messages -- injection becomes a supply chain attack vector.
Medusa ransomware has evolved beyond traditional encryption schemes, leveraging supply chain compromise to infiltrate victims. Here's what defenders need to know.
Turborepo makes large JavaScript monorepos fast, and speed changes how teams think about dependencies. The supply chain implications are subtle enough that a fast-moving team can be in trouble before anyone notices.
Play ransomware refined the MSP attack model, exploiting FortiOS and RDP vulnerabilities to cascade through managed service providers into hundreds of downstream organizations.
A practical hardening guide for Concourse CI: resource type trust, worker isolation, team-level RBAC, and the var source security that underpins the platform's multi-tenancy model.
JRuby sits at the intersection of the Ruby and Java supply chains, and the security story reflects both. A look at how JRuby's dual nature affects gem security and what defenders should know.
Medusa ransomware operators have refined a playbook that targets managed service providers and software vendors as stepping stones into hundreds of downstream victims.
A practical hardening guide for Buildkite: agent isolation, pipeline upload security, plugin risks, and the agent-token rotation strategy that keeps the trust model intact.
React Native bundles native modules, JavaScript dependencies, and CodePush-style OTA updates into one app. The supply chain is vast and the remediation path is slower than web apps. Here is where it actually goes wrong.
Weekly insights on software supply chain security, delivered to your inbox.