Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Malicious packages on PyPI surged in 2021, targeting developers with credential stealers, backdoors, and data exfiltration. Here's what the campaigns look like and how to defend against them.
CVE-2021-41773 allowed path traversal and RCE on Apache HTTP Server 2.4.49. The fix was incomplete, leading to CVE-2021-42013 days later. A lesson in patching under pressure.
In October 2021, an anonymous hacker dumped Twitch's entire source code, internal tools, and creator payout data. The breach exposed systemic failures in access control and secret management.
Researchers found that millions of Docker Hub pulls go to images containing cryptominers, backdoors, and other malware. Here's how to protect your container pipeline.
When you can't audit source code, binary analysis becomes your last line of defense. Understanding how to verify compiled artifacts is critical for catching supply chain compromises.
GitHub Actions workflows execute third-party code with access to your repository secrets. Most teams don't realize how much trust they're placing in action authors.
Apple's 2021 announcement of on-device CSAM scanning ignited a fierce debate about surveillance, encryption, and the boundaries of technology companies' responsibility — leading Apple to ultimately abandon the plan.
Travis CI exposed secrets from public repo forks for weeks in 2021. Here is the exact defect, who was affected, and the permanent takeaways.
The maintainer of colors and faker deliberately corrupted his own packages, affecting thousands of projects. It raised uncomfortable questions about open source sustainability and trust.
Weekly insights on software supply chain security, delivered to your inbox.