Safeguard.sh
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (1954)AI Security (294)DevSecOps (153)Open Source Security (132)Best Practices (126)Vulnerability Analysis (98)Incident Analysis (83)Industry Analysis (80)Application Security (73)Compliance (68)Container Security (64)Software Supply Chain Security (51)Vulnerability Management (47)Regulatory Compliance (42)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)SBOM & Compliance (19)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
AppSec

Webpack vs Rollup vs esbuild: A Security Comparison

Choosing a bundler is usually about speed and features. Here is how Webpack, Rollup, and esbuild compare on the dimension that matters most for supply chain security.

Sep 28, 20236 min read
Tool Reviews

Checkmarx SCA: Application Security from a SAST Pioneer

A review of Checkmarx SCA covering its integration with the broader Checkmarx AST platform, vulnerability detection, and exploitability analysis capabilities.

Sep 28, 20235 min read
Vulnerability Analysis

Progress WS_FTP CVE-2023-40044: Another File Transfer Platform Falls to Pre-Auth RCE

A critical deserialization vulnerability in Progress WS_FTP Server allowed unauthenticated RCE. Coming after MOVEit, it proved that file transfer platforms remain a systemic weak point.

Sep 27, 20235 min read
Best Practices

Designing a Vulnerability Triage Workflow That Works

Most vulnerability triage processes are broken. Here is how to design a workflow that reduces noise, routes issues to the right owners, and actually gets things fixed.

Sep 25, 20236 min read
AI Security

Securing LLM Applications: The OWASP Top 10 for Large Language Models

OWASP released its Top 10 for LLM Applications in August 2023, providing the first standardized framework for understanding and mitigating risks in AI-powered software.

Sep 25, 20235 min read
SBOM

SBOM Storage and Distribution Infrastructure

Generating SBOMs is solved. Storing, versioning, and distributing them at scale is the next engineering challenge.

Sep 25, 20236 min read
AI Security

AI Hallucinations Meet Package Confusion: A New Class of Supply Chain Attack

When LLMs hallucinate package names that don't exist, attackers can register them. This supply chain attack vector is already being exploited in the wild.

Sep 20, 20235 min read
Application Security

Spring Boot Security and Dependency Management

Securing Spring Boot applications with dependency management BOMs, vulnerability scanning, and hardened configurations.

Sep 20, 20234 min read
SBOM

SBOM for the Gaming Industry: Why Game Studios Need Software Transparency

Game studios ship millions of lines of code with complex dependency chains across engines, middleware, and third-party SDKs. SBOMs are not just a compliance tool — they are an operational necessity.

Sep 20, 20235 min read
Page 150 of 218

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard.sh — Software Supply Chain Security Insights