Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.


Articles

Best Practices

Managing Security Debt: A Practical Guide

Security debt is inevitable, but it does not have to be unmanageable. Learn how to quantify, prioritize, and systematically pay down your organization's security debt.

Dec 5, 2023 · 6 min read
Open Source Security

Open Source Dependency Health Metrics That Actually Matter

Star counts and download numbers tell you popularity, not health. The metrics that predict dependency risk are harder to measure and more important to track.

Dec 5, 2023 · 6 min read
Architecture

Monorepo Security: Dependency Management at Scale

Monorepos centralize code but create unique security challenges. Learn how to manage shared dependencies, enforce security policies, and maintain SBOMs across a monorepo architecture.

Dec 3, 2023 · 8 min read
Compliance & Regulations

Federal SBOM Mandate: Compliance Deadlines and What They Mean for Vendors

Federal agencies are tightening SBOM requirements for software suppliers. Here's what vendors need to know about compliance deadlines, attestation requirements, and practical implementation.

Dec 1, 2023 · 5 min read
Open Source Security

npm Scripts Sandboxing Techniques

Postinstall scripts have been the supply-chain attacker's favorite tool for a decade. Here are the sandboxing techniques that actually work, ranked from cheap to serious.

Nov 30, 2023 · 6 min read
Regulatory Compliance

SOX IT Controls and Software Supply Chain

SOX ITGCs are being rewritten around open-source software and build integrity as PCAOB and SEC scrutiny extends ICFR into the developer toolchain for the first time.

Nov 26, 2023 · 5 min read
Incident Analysis

Dollar Tree Third-Party Breach Impacts Nearly 2 Million Employees

In November 2023, Dollar Tree disclosed that a breach at its third-party service provider Zeroed-In Technologies exposed the personal data of nearly 2 million current and former employees, highlighting the persistent risk of third-party supply chain compromises.

Nov 22, 2023 · 7 min read
Open Source Security

How to Audit npm Postinstall Scripts Safely

Inspect every lifecycle script in your node_modules tree, disable dangerous ones by default, and catch malicious postinstall hooks before they execute.

Nov 22, 2023 · 4 min read
Container Security

Chainguard Images: The Zero-CVE Container Base Image Revolution

Chainguard ships container images with zero known CVEs. That sounds like marketing until you understand how they build them. Here is the technical reality behind the claim.

Nov 22, 2023 · 6 min read


Blog | Safeguard.sh — Software Supply Chain Security Insights