SonarQube Security Scanning: Code Quality Meets Application Security
A review of SonarQube's security scanning capabilities, examining how its code quality heritage shapes its approach to vulnerability detection and taint analysis.
Apache httpd still serves millions of websites. Its default configuration exposes information, accepts weak TLS, and enables features you probably do not need.
Universal Linux packaging formats promise sandboxed applications. Their security models differ significantly, and neither delivers the isolation most users assume.
Security hardening for Travis CI pipelines covering secret management, build isolation, and migration considerations for teams still on the platform.
In November 2023, the LockBit ransomware gang published 43 gigabytes of Boeing's internal data after the aerospace giant refused to pay ransom, exposing the persistent vulnerability of manufacturing supply chains to ransomware.
How to secure your Rust supply chain with Cargo.lock, crate auditing, and build script controls.
Singapore's regulatory approach to cybersecurity is maturing fast, with supply chain security becoming a central pillar. Here's what's changing.
govulncheck is the best vulnerability scanner the Go ecosystem has ever had, but turning it from a demo into a production gate takes more than adding a CI step.
A critical remote code execution flaw in Apache ActiveMQ was rapidly weaponized by ransomware operators, with exploitation beginning before many organizations could patch.