PyPI Package Yanking Policies Analyzed
Yanking is PyPI's narrow, deliberately blunt tool for dealing with broken releases. A close analysis of what it does, what it doesn't do, and when to use it instead of a delete.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.