GraphQL Supply Chain Security Considerations
Supply chain risks specific to GraphQL stacks: Apollo, graphql-js, persisted queries, introspection, and transitive risk in gateway federation.
Open banking depends on a tangle of SDKs, certificate authorities, and directory services. What PSD2, the UK's Open Banking Standard, and the emerging US framework mean for supply chain security.
FastAPI's dependency surface is deceptively large. Here is how to lock it down in practice, covering Starlette, Pydantic, Uvicorn, and the plugins you likely missed.
Securing FastAPI applications with Pydantic validation, OAuth2 integration, and dependency injection patterns.
In May 2024, Dell Technologies disclosed a breach exposing 49 million customer records after a threat actor exploited a partner portal API to scrape names, addresses, and purchase details, then attempted to sell the data online.
In January 2024, a threat actor used an insecure Trello API endpoint to scrape and correlate email addresses with Trello account data for over 15 million users, then posted the dataset on a hacking forum.
Practical security hardening for Express.js applications covering middleware, input validation, and production deployment.
In January 2023, T-Mobile disclosed that an attacker exploited an API to steal personal data of 37 million customers. It was their ninth major breach in five years.