Kubernetes Secrets Encryption Providers Reviewed
etcd encryption at rest finally works out of the box. The question is which provider you use, and the trade-offs have sharpened in 2024.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Abandoned packages are ticking time bombs in the supply chain. When maintainers disappear, attackers can take over package names and push malicious updates to millions of downstream projects.
Capacitor-based hybrid apps blend web technologies with native device access. This combination creates a unique attack surface that requires specific security strategies.
Security audits of the Rust crate ecosystem reveal patterns of unsafe code, build script risks, and supply chain vulnerabilities. Here is what the data shows.
Governments worldwide are moving to hold software vendors liable for security failures. Here is what the shifting liability landscape means for software producers and consumers.
Securing Argo CD deployments with RBAC, SSO integration, secret management, and network policies for production Kubernetes clusters.
Software updates are a double-edged sword: they deliver patches but also provide a trusted channel attackers can exploit. Securing the update mechanism itself is essential to supply chain integrity.
Today we are launching Safeguard, a platform purpose-built for managing the security of your software supply chain from SBOM generation to vulnerability response.
SAM templates look simple and that is exactly the problem. The defaults are generous, the transforms are opaque, and the resulting stacks are often more privileged than anyone intended.