Industry Analysis
Elastic Security Supply Chain Signals
How to surface software supply chain threats in Elastic Security using EQL, detection rules, and the Elastic Common Schema for build pipeline and registry events.
Jun 15, 20247 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
How to surface software supply chain threats in Elastic Security using EQL, detection rules, and the Elastic Common Schema for build pipeline and registry events.
How to use Gemfile.lock as a real security artifact: checksums, frozen mode, reproducible resolves, and what changed in Bundler 2.5's expanded lockfile format.
Workspaces are fantastic for developer experience and hostile to naive security tooling. Here is what actually changes when you flip them on.
The FTC Safeguards Rule amendments effective May 13, 2024 expand breach-notification and software supply chain expectations for financial institutions under GLBA.
The Gradle build cache is a performance feature with supply chain consequences. Here is how to configure it so cache poisoning, stale outputs, and cross-project contamination do not become your next incident.
A practical walkthrough for signing container images with Cosign using keyless OIDC, verifying signatures, and enforcing policy in your Kubernetes cluster.
Attackers used stolen credentials from infostealer malware to access Snowflake customer accounts without MFA, compromising data at Ticketmaster, Santander, AT&T, and over 160 other organizations.
A workable rotation strategy for GCP Secret Manager: how to structure secret versions, schedule rotation, coordinate consumers, and avoid the outage patterns that scare teams off rotation in the first place.
Field notes from migrating a production workspace from Rust 2018 to 2021, and what to watch for when 2024 lands in edition transitions.
Weekly insights on software supply chain security, delivered to your inbox.