Plex Data Breach: 20 Million Users Forced to Reset Passwords
A breach of Plex's systems exposed usernames, emails, and hashed passwords for approximately 20 million users, forcing the streaming platform to trigger a mass password reset.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A critical vulnerability in GitLab's GitHub import feature allowed authenticated attackers to execute arbitrary code on the server. The flaw highlighted risks in platform migration features.
A hands-on walkthrough for configuring automated dependency scanning in your GitHub repositories, from Dependabot alerts to custom CI workflows.
IaC scanning catches misconfigurations before they reach production. This guide covers tools, techniques, and integration patterns for Terraform, CloudFormation, and Kubernetes.
A practical guide to hiring your first security engineers, defining roles, and building a security function that scales with your organization.
Attackers can impersonate any committer on GitHub, inject malicious code through PRs, and exploit lax review processes. Here's the risk.
Banks face unique software supply chain risks. This guide covers real threats, regulatory expectations, and what security teams should actually be doing.
Bug bounty programs for open source projects promise market-driven vulnerability discovery. The reality is more complicated, with perverse incentives, quality problems, and funding gaps.
Government agencies face unique software supply chain threats. Here's how federal and state organizations can protect critical infrastructure from compromise.