Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Categories: All (2154), AI Security (335), DevSecOps (175), Best Practices (168), Open Source Security (142), Industry Analysis (100), Vulnerability Analysis (98), Incident Analysis (83), Regulatory Compliance (74), Container Security (74), Application Security (73), Compliance (68), Vulnerability Management (59), Software Supply Chain Security (51), Threat Intelligence (41), Supply Chain Attacks (36), Product (35), Cloud Security (35), SBOM (34), SBOM & Compliance (30), Supply Chain Security (25), Ransomware (21), Infrastructure Security (20), Industry Guides (19), Compliance & Regulations (18), Emerging Technology (17), Case Studies (17), Risk Management (16), Tool Reviews (16), Incident Response (15), Security Strategy (13), Dependency Security (11), Web Security (11), Kubernetes Security (9), Company (8), Architecture (8), Industry Trends (7), Secure Development (7), AppSec (7), How-To Guide (7), Zero-Day Exploits (7), Network Security (7), Dependency Management (7), Data Breach (7), Research (6), Tutorials (6), Security Operations (6), Organizational Security (6), Developer Security (6), Open Source (5), Breach Analysis (5), Code Security (5), Product Launch (4), Offensive Security (4), Tool Comparisons (4), Build Security (3), Vulnerability Research (3), Compliance & Frameworks (3), Regional Security (3), Policy & Compliance (3), SBOM Standards (3), Software Supply Chain (3), Analysis (3), Startup Security (3), Mobile Security (3), Hardware Security (3), Security (2), Zero-Day Analysis (2), Industry News (2), Release (2), SBOM and Compliance (2), Security Management (2), Threat Actors (2), API Security (2), Security Architecture (2), Security Culture (2), Social Engineering (2), DeFi Security (2), Cryptocurrency Security (2), Technical (1), Healthcare (1), Events (1), Frameworks (1), Product Update (1), Standards (1), Engineering (1), Language Security (1), Emerging Threats (1), Privacy (1), Lifecycle Management (1), Career Development (1), Tools & Platforms (1), Threat Modeling (1), Browser Security (1), Threat Analysis (1), Business Continuity (1), Runtime Security (1), Governance (1), Healthcare Security (1), Credential Attacks (1), Identity Security (1), PKI Security (1), Architecture Security (1), Nation-State Threats (1), Tools & Techniques (1), Privacy & Security (1)

Articles

DevSecOps

Securing GitHub Actions: Hardening Your CI/CD Supply Chain

GitHub Actions is a powerful CI/CD platform — and a significant attack surface. Here's how to lock it down against supply chain threats.

Aug 15, 2022 · 6 min read
Analysis

Security Metrics That Matter: A CISO Guide

Stop reporting vanity metrics. Here are the security measurements that actually inform decisions, demonstrate program effectiveness, and earn board-level credibility.

Aug 15, 2022 · 6 min read
Runtime Security

eBPF for Security Monitoring: What It Can and Cannot Do

eBPF is being called the future of security observability. It is genuinely powerful, but it is not a magic bullet for runtime security.

Aug 12, 2022 · 5 min read
Container Security

Docker Image Layer Security Analysis: What Lurks Beneath Your Containers

Every Docker image is a stack of layers, and each one can introduce vulnerabilities. Learn how to dissect image layers for security risks and what tools actually help.

Aug 12, 2022 · 7 min read
SBOM

Trivy for SBOM Generation and Vulnerability Scanning

Trivy combines SBOM generation with vulnerability scanning in a single tool. Here's how to use both capabilities effectively.

Aug 12, 2022 · 6 min read
Zero-Day Exploits

Zimbra CVE-2022-37042: Authentication Bypass in a Widely Used Email Platform

CVE-2022-37042 allowed unauthenticated attackers to upload web shells to Zimbra email servers. Over 1,000 servers were compromised before most admins knew about it.

Aug 10, 2022 · 6 min read
Incident Response

0ktapus: The Phishing Campaign That Hit Cloudflare, Twilio, and 130+ Organizations

A single phishing campaign compromised over 130 companies including Cloudflare and Twilio. Here's how the 0ktapus attack chain worked.

Aug 8, 2022 · 6 min read
DevSecOps

Docker Security Best Practices for Developers

Practical Docker security from image building to runtime, covering multi-stage builds, user namespaces, and image scanning.

Aug 8, 2022 · 4 min read
Software Supply Chain Security

pip Install Hooks Security Risks: Code Execution During Package Installation

Running pip install can execute arbitrary code on your machine before you ever import the package. Here is how install hooks create risk.

Aug 8, 2022 · 4 min read
Page 216 of 240

Blog | Safeguard — Software Supply Chain Security Insights