Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Filter

All (7)AI Security (384)DevSecOps (197)Best Practices (175)Open Source Security (154)Vulnerability Analysis (117)Incident Analysis (114)Industry Analysis (107)Compliance (100)Application Security (97)Regulatory Compliance (89)Container Security (89)Cloud Security (70)Vulnerability Management (70)Software Supply Chain Security (65)Supply Chain Attacks (54)Threat Intelligence (47)SBOM (41)Product (35)Tools (32)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (24)Infrastructure Security (23)Regulation (20)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Agent Security (16)Vulnerability Response (16)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Supply Chain (12)Frameworks (12)Data Breach (11)Dependency Security (11)Web Security (11)Open Source (9)Kubernetes Security (9)Company (8)Standards (8)Architecture (8)Industry Insights (7)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Vendor Comparison (6)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Breach Analysis (5)Code Security (5)Cryptocurrency Security (4)Tool Comparison (4)Mobile Security (4)Product Launch (4)Policy (4)Offensive Security (4)Tool Comparisons (4)Healthcare Security (3)Social Engineering (3)Build Security (3)Industry (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Hardware Security (3)Identity Security (2)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)DeFi Security (2)Incident Postmortem (1)Technical (1)Healthcare (1)Events (1)Product Update (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Credential Attacks (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed

AI Security

Launching Zero-Day Discovery: How Safeguard's Multi-Agent TAOR Deep Think AI Engine Finds Vulnerabilities Before Anyone Else

Safeguard launches its Zero-Day Discovery Engine, powered by the Multi-Agent TAOR Deep Think AI Engine — a multi-lead, multi-sub-agent architecture that performs deep CWE analysis on open-source packages to uncover vulnerabilities that traditional scanners miss.

Apr 10, 202610 min read

Industry Analysis

The Software Composition Analysis Market in 2024: Consolidation and Evolution

The SCA market is maturing fast, with acquisitions, AI-powered analysis, and SBOM mandates reshaping the competitive landscape and what buyers should expect.

Nov 20, 20246 min read

Industry News

OpenSSF Launches SIREN: A Mailing List for Open Source Threat Intelligence

The Open Source Security Foundation introduces SIREN, a dedicated mailing list for sharing real-time threat intelligence about attacks targeting open source ecosystems.

Nov 15, 20246 min read

Tool Reviews

Endor Labs SCA Review: Reachability Analysis Changes the Game

A review of Endor Labs and its reachability-based approach to software composition analysis, examining how call graph analysis reduces vulnerability noise.

Mar 12, 20246 min read

Tool Comparisons

Snyk vs Sonatype: A Head-to-Head SCA Comparison

We break down the real differences between Snyk and Sonatype for software composition analysis, covering vulnerability detection, developer experience, and pricing.

May 10, 20236 min read

Tool Reviews

Mend.io (WhiteSource): The Renamed SCA Veteran

A review of Mend.io, formerly WhiteSource, covering its SCA capabilities, Renovate integration, automated remediation, and position in the crowded dependency scanning market.

Oct 22, 20225 min read

Tools & Techniques

Software Composition Analysis: The 2021 Buyer's Guide

SCA tools have exploded in number and capability. Here's how to evaluate them without getting lost in vendor marketing.

Nov 20, 20218 min read

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.