bundler-audit Production Setup
A practical guide to running bundler-audit in production CI pipelines, including advisory database updates, exception handling, and integration with remediation workflows.
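The CI step this guide is about is, at its core, `bundle audit check --update` (pull the latest ruby-advisory-db, then check `Gemfile.lock`) with an `ignore:` list in `.bundler-audit.yml` for findings that have been reviewed and accepted. The block below is an added example, not bundler-audit's own code and not code from this post: it re-implements the version-range match and the ignore-list semantics against constructed inputs so the behaviour can be exercised offline. The advisories use ruby-advisory-db's file layout but placeholder IDs (not real CVEs), the lockfile excerpt and ignore list are constructed, and the stale-ignore report is this example's own addition rather than a bundler-audit feature.

```ruby
require "rubygems"
require "yaml"

# Constructed advisories in the layout ruby-advisory-db uses
# (gem, cve, title, patched_versions, unaffected_versions).
# The IDs are placeholders for this example, not real CVEs.
ADVISORIES = YAML.safe_load(<<~YAML)
  - gem: example-parser
    cve: "0000-00001"
    title: Placeholder advisory (constructed for this example)
    patched_versions:
      - ">= 2.1.5"
      - "~> 2.0.9"
    unaffected_versions:
      - "< 1.0.0"
  - gem: example-parser
    cve: "0000-00002"
    title: Second placeholder advisory (constructed for this example)
    patched_versions:
      - ">= 3.0.0"
  - gem: example-mailer
    cve: "0000-00003"
    title: Placeholder advisory for a gem the lockfile does not contain
    patched_versions:
      - ">= 1.2.0"
YAML

# Constructed Gemfile.lock excerpt; only the `specs:` block is read.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-logger (1.4.0)
      example-parser (2.0.3)

  PLATFORMS
    ruby

  DEPENDENCIES
    example-logger
    example-parser
LOCK

# Constructed .bundler-audit.yml: the `ignore:` list holds advisory IDs.
# One entry matches a finding; the other is stale and matches nothing.
IGNORE_CONFIG = YAML.safe_load(<<~YAML)
  ignore:
    - CVE-0000-00001
    - CVE-0000-00099
YAML

# Read `name (version)` lines from the specs block (4-space indent; the
# 6-space dependency lines are skipped). Platform-specific entries such as
# `nokogiri (1.15.4-x86_64-linux)` are reduced to the bare version.
def locked_versions(lockfile)
  lockfile.each_line.with_object({}) do |line, acc|
    next unless (m = line.match(/^ {4}(\S+) \((\S+)\)$/))
    acc[m[1]] = Gem::Version.new(m[2].split("-", 2).first)
  end
end

def requirement_matches?(requirements, version)
  Array(requirements).any? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
end

# The rule bundler-audit applies: a version is vulnerable unless it falls in
# an unaffected range or a patched range.
def vulnerable?(advisory, version)
  !requirement_matches?(advisory["unaffected_versions"], version) &&
    !requirement_matches?(advisory["patched_versions"], version)
end

def advisory_id(advisory)
  advisory["cve"] ? "CVE-#{advisory["cve"]}" : "GHSA-#{advisory["ghsa"]}"
end

# Returns the findings, the ignore entries that no longer match anything, and
# the exit status a CI step should use: non-zero only while an unignored
# finding remains.
def audit(lockfile, advisories, ignore_config)
  versions = locked_versions(lockfile)
  ignored = Array(ignore_config["ignore"])
  findings = advisories.filter_map do |adv|
    version = versions[adv["gem"]]
    next unless version && vulnerable?(adv, version)
    id = advisory_id(adv)
    { id: id, gem: adv["gem"], version: version.to_s, title: adv["title"], ignored: ignored.include?(id) }
  end
  {
    findings: findings,
    stale_ignores: ignored - findings.map { |f| f[:id] },
    exit_status: findings.any? { |f| !f[:ignored] } ? 1 : 0,
  }
end

if $PROGRAM_NAME == __FILE__
  result = audit(LOCKFILE, ADVISORIES, IGNORE_CONFIG)
  result[:findings].each do |f|
    puts "#{f[:ignored] ? 'ignored' : 'FAIL   '} #{f[:id]} #{f[:gem]} #{f[:version]}: #{f[:title]}"
  end
  result[:stale_ignores].each { |id| puts "stale ignore entry: #{id}" }
  puts "exit status: #{result[:exit_status]}"
end
```

Two things carry over to the real tool. `bundle audit check --update` clones or pulls ruby-advisory-db from GitHub, so the CI runner needs egress to github.com or a pre-fetched copy of the database; a stale database is a silent pass, not a failure. And an `ignore:` entry that no longer matches any finding is an exception nobody reviews any more, so prune the list whenever the gem it covered is upgraded.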
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Safeguard SCA goes beyond basic CVE matching with multi-source intelligence, version-range precision, and exploitability context that cuts through vulnerability noise.
A regression in sshd's signal handler reintroduced a race condition first fixed in 2006, enabling unauthenticated remote code execution as root on glibc-based Linux systems. Here's what you need to know.
Azure Policy is the enforcement layer most Azure platforms underuse. A concrete, policy-by-policy guide to wiring it into supply chain controls that actually stick.
Practical controls and standards shaping point-of-sale software supply chains, from PCI DSS 4.0 to PA-DSS successors and retailer-specific frameworks.
Two AWS services, overlapping features, and a pricing difference that adds up to real money. The decision framework for Secrets Manager vs Parameter Store, based on what actually goes wrong in production.
AWS built Firecracker to run Lambda. The security model is the entire value proposition, and it holds up under scrutiny.
The in-toto attestation framework is the plumbing under SLSA, Sigstore, and most supply chain tooling. Here is a practical review of the v1 formats and their edges.
A deep look at ArgoCD security in production: RBAC models, repo credentials, ApplicationSet risks, and the CVEs that have shaped the current hardening defaults.