Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Mirroring npm, PyPI, or Maven Central locally reduces dependency on external infrastructure. But mirrors introduce their own security considerations that most teams overlook.
setuptools is the default Python packaging backend and its security properties matter for anyone who builds, installs, or runs Python code. Here is what to watch.
Authorization flaws let authenticated users access resources and perform actions beyond their intended permissions. Learn the most common authorization vulnerabilities and how to build robust access control systems.
The latest release of OpenSSF Scorecard introduces new checks and improved accuracy, helping organizations make data-driven decisions about open source dependency risk.
Developer workstations have elevated access to source code, build systems, and deployment pipelines. Zero Trust principles applied to these endpoints significantly reduce supply chain attack surface.
Observability and security have operated in silos for too long. Their convergence creates capabilities that neither could achieve alone.
A critical authentication bypass in TeamCity allowed unauthenticated attackers to gain admin access to CI/CD servers. State-sponsored groups exploited it to compromise software supply chains.
OWASP published its first Top 10 for LLM Applications on August 1, 2023. Here is what it covers, where it overreaches, and how to use it on real systems.
JSON is the lingua franca of APIs, but the libraries that parse it have had serious security issues. Here is what to watch for in your stack.
Weekly insights on software supply chain security, delivered to your inbox.