Safeguard Q1 2026 Release Recap
A quarterly recap of Q1 2026 at Safeguard.sh: the signed chain from source to runtime, self-healing GA, taint tracking, and the air-gap installer.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
OMB M-22-18 and the CISA Secure Software Self-Attestation form continue to evolve. Here is what producers and federal buyers must change in 2026.
A senior-engineer view of secret-scanning tools worth running in 2026: what TruffleHog, Gitleaks, GitGuardian, and platform-native scanners actually do well.
SLSA v1.1 sharpens the build track, adds a source track draft, and clarifies attestation semantics. Here is the practical guide for security teams.
Every container pulled in production is a trust decision. Here's how to secure the chain from base image selection through Dockerfile to admission control.
A technical retrospective on the 2024 Cyberhaven Chrome extension compromise: the phishing chain, the malicious OAuth flow, the exfiltration payload, and what actually changes browser-extension supply chain defense.
Why most CVEs in your dependency tree are not exploitable in your application, and how reachability analysis separates real risk from noise.
A senior-engineer set of 2026 predictions for software supply chain security, grounded in current adoption curves, regulatory timelines, and attacker behavior.
Side-channel attacks are moving from hardware into software supply chains, where build-time timing, error messages, and telemetry leak meaningful secrets.