Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
BianLian abandoned encryption entirely in favor of data theft and extortion. This shift reveals where ransomware economics are heading — and why traditional defenses are lagging behind.
A step-by-step investigation playbook for suspected CI/CD pipeline compromise, from runner forensics to secrets rotation.
A step-by-step tutorial for publishing npm packages with provenance attestations so your consumers can cryptographically verify the build source.
A practical hardening guide for Tekton Pipelines covering TaskRun isolation, step image provenance, workspace secrets, and the CVE history that shaped the current defaults.
What changes in your software supply chain when you move from virtual machines to containers, and how to adapt governance, scanning, and provenance accordingly.
Certificate pinning can protect your update channel from MITM attacks, but it introduces operational complexity. Here is when pinning makes sense and how to do it safely.
Mobile apps have unique security challenges that web-focused tools miss entirely. Here is a practical testing methodology for iOS and Android.
Most security metrics measure activity, not outcomes. Here is how to build a KPI framework that tells leadership whether the security program is actually reducing risk.
A practical tour through the tangle of regulations, supervisory letters, and industry standards that now govern how fintech firms build, buy, and operate software.
Weekly insights on software supply chain security, delivered to your inbox.