Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Starjacking exploits the trust developers place in GitHub stars and repository metadata. Attackers link malicious packages to popular repositories to appear legitimate. Here is how it works.
Typosquatting and domain squatting in package registries trick developers into installing malicious packages. The attack is trivially easy to execute and remarkably effective.
Implement dependency verification in Kotlin Gradle projects with checksums, PGP signatures, and repository filtering.
An SBOM that does not match what is actually deployed is worse than no SBOM at all. Here is how to detect and prevent SBOM drift automatically.
Leveraging Harness platform security capabilities including governance policies, secret management, and pipeline security controls.
Inside the Cl0p ransomware gang's zero-day attack on Progress MOVEit Transfer, the CVE-2023-34362 timeline, and the supply chain lessons it exposed.
RASP embeds security directly into the application runtime, detecting and blocking attacks from inside the app. It's powerful, controversial, and misunderstood. Here's what actually works.
Microsegmentation limits lateral movement after a breach. Applied to software supply chains, it contains the blast radius when a dependency, build tool, or vendor is compromised.
Connected vehicles depend on millions of lines of code. UNECE WP.29 regulations now require automotive manufacturers to manage software supply chain risks.
Weekly insights on software supply chain security, delivered to your inbox.