Safeguard
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (2193)AI Security (338)DevSecOps (175)Best Practices (168)Open Source Security (142)Vulnerability Analysis (103)Industry Analysis (100)Incident Analysis (86)Regulatory Compliance (74)Container Security (74)Application Security (73)Compliance (72)Vulnerability Management (59)Software Supply Chain Security (51)Threat Intelligence (41)Cloud Security (39)Supply Chain Attacks (36)Product (35)SBOM (34)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Regulation (6)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Agent Security (4)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Standards (3)Tools (3)Build Security (3)Supply Chain (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Frameworks (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Policy (1)Product Update (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Open Source Security

The ua-parser-js npm Hijack of October 2021

An npm package with 8 million weekly downloads shipped a cryptominer and credential stealer for four hours. Here is the exact sequence of events.

Oct 25, 20216 min read
DevSecOps

Sigstore and Cosign: Software Signing for the Rest of Us

Sigstore makes software signing accessible by eliminating the pain of key management. Here's how Cosign, Fulcio, and Rekor work together to verify software integrity.

Oct 25, 20216 min read
Ransomware

REvil Ransomware Shutdown: How Law Enforcement Took Down a Ransomware Empire

REvil was one of the most prolific ransomware-as-a-service operations until a coordinated law enforcement takedown dismantled its infrastructure in October 2021.

Oct 22, 20217 min read
Open Source Security

Python PyPI Malware Campaigns in 2021

Malicious packages on PyPI surged in 2021, targeting developers with credential stealers, backdoors, and data exfiltration. Here's what the campaigns look like and how to defend against them.

Oct 15, 20215 min read
Vulnerability Analysis

Apache HTTP Server CVE-2021-41773: A Path Traversal Bug That Should Have Been Caught in Code Review

CVE-2021-41773 allowed path traversal and RCE on Apache HTTP Server 2.4.49. The fix was incomplete, leading to CVE-2021-42013 days later. A lesson in patching under pressure.

Oct 12, 20216 min read
Incident Analysis

Twitch Source Code Leak: What 125GB of Exposed Data Tells Us About Internal Security

In October 2021, an anonymous hacker dumped Twitch's entire source code, internal tools, and creator payout data. The breach exposed systemic failures in access control and secret management.

Oct 8, 20215 min read
Container Security

Docker Hub Malicious Images and Cryptomining Campaigns

Researchers found that millions of Docker Hub pulls go to images containing cryptominers, backdoors, and other malware. Here's how to protect your container pipeline.

Oct 5, 20216 min read
Application Security

Binary Analysis for Supply Chain Verification

When you can't audit source code, binary analysis becomes your last line of defense. Understanding how to verify compiled artifacts is critical for catching supply chain compromises.

Oct 5, 20216 min read
DevSecOps

GitHub Actions Security: Hidden Supply Chain Risks

GitHub Actions workflows execute third-party code with access to your repository secrets. Most teams don't realize how much trust they're placing in action authors.

Sep 25, 20215 min read
Page 238 of 244

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard — Software Supply Chain Security Insights