Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A review of Tern, the open source tool that generates SBOMs by inspecting container image layers, including its strengths, limitations, and where it fits in your toolchain.
A practical comparison of Trivy and Grype for vulnerability scanning, covering detection accuracy, performance, SBOM support, and real-world usage patterns.
2021 saw a record number of zero-day exploits targeting open-source software. From Log4Shell to ProxyShell, here's what happened and what it means for defenders.
An npm package with 8 million weekly downloads shipped a cryptominer and credential stealer for four hours. Here is the exact sequence of events.
The maintainer of colors and faker deliberately corrupted his own packages, affecting thousands of projects. It raised uncomfortable questions about open source sustainability and trust.
Open source powers the modern internet, but its security model is under strain. Here's the 2021 landscape of open source risk, from funding to maintainer burnout to malicious packages.
The Rust Foundation launched February 8, 2021. Here is what its formation actually changed for the security of Rust and downstream ecosystems.
Weekly insights on software supply chain security, delivered to your inbox.