Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Applications built on large language models introduce novel attack surfaces that traditional security testing does not cover. This guide addresses the specific testing methodologies needed for LLM applications.
The SBOM format debate misses the point. Safeguard ingests both CycloneDX and SPDX, normalizes to a common model, and lets you query and export in either format.
dotnet restore is supposed to be deterministic. In practice it is deterministic in ways that matter less and non-deterministic in ways that matter more.
App Service deployments are easy, which is the problem. A look at the deployment paths, credential surfaces, and hardening steps that matter for production workloads.
Kimsuky has pivoted from diplomats to developers. A look at the tradecraft behind its supply-chain-flavored operations and what engineering orgs should do about it.
The EU Cyber Resilience Act was finalized in 2024, mandating cybersecurity requirements and SBOMs for products with digital elements. Here is what the final text requires and how to prepare.
A step-by-step tutorial for rotating Cosign and GPG build signing keys without breaking existing attestations, verification chains, or downstream consumers.
Native C extensions are the most under-audited part of the Ruby supply chain: how they get built, what can go wrong, and how to monitor them as seriously as you monitor pure-Ruby code.
Docker's 2024 rate-limit reforms hit CI pipelines hard. Measured impact on 30 real build farms and the mirror and pull-through controls that fixed it.
Weekly insights on software supply chain security, delivered to your inbox.