Socket.dev: Detecting Supply Chain Attacks Before They Hit
A review of Socket.dev's approach to supply chain security, focusing on behavior analysis of npm packages, install script detection, and typosquatting prevention.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
How to secure your Cloud Build pipelines with SLSA provenance, Binary Authorization, and artifact verification for end-to-end supply chain integrity.
Practical strategies for generating and managing Software Bills of Materials in cloud-native environments, beyond the compliance checkbox.
An inside look at Google's multi-layered approach to supply chain security, from Binary Authorization to SLSA, and what other organizations can adapt from their model.
A practical guide to securing your software supply chain on AWS, from ECR image provenance to CodePipeline hardening.
A compromised certificate authority can undermine TLS trust for your entire software supply chain. Understanding CA risks is essential for defending package integrity and secure distribution.
2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.
The NTIA published its minimum elements for SBOMs in July 2021. Here's a practical breakdown of what's required, what's optional, and where most organizations fall short.
Security questionnaires are still how most organizations evaluate vendor risk. They're also still mostly useless. Here's what actually works.