Nonprofit Organization Cybersecurity: A Practical Guide
Nonprofits handle donor data and sensitive beneficiary information with limited budgets. Here's a realistic guide to managing software security on nonprofit resources.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
SSH keys provide access to your most critical infrastructure. Most organizations manage them poorly. Here is how to do it right.
Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.
A review of GitHub Advanced Security covering CodeQL SAST, Dependabot SCA, secret scanning, and how the integrated security experience works for development teams.
Clop's exploitation of MOVEit Transfer compromised over 2,500 organizations in one campaign, demonstrating a shift from traditional ransomware to mass vulnerability exploitation.
Electron's ContextBridge is the secure boundary between web content and Node.js APIs. This guide covers how to use it correctly, common mistakes that create RCE vulnerabilities, and security best practices for Electron applications.
NuGet packages can be tampered with at multiple points in the supply chain. Here is how to detect and prevent package tampering in your .NET projects.
Starjacking exploits the trust developers place in GitHub stars and repository metadata. Attackers link malicious packages to popular repositories to appear legitimate. Here is how it works.
Typosquatting and domain squatting in package registries trick developers into installing malicious packages. The attack is trivially easy to execute and remarkably effective.