Setting Up Continuous Dependency Monitoring From Scratch
Point-in-time dependency scans miss vulnerabilities disclosed between scans. Here is how to set up continuous monitoring that catches new threats as they emerge.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A review of GitLab Ultimate's security scanning features covering SAST, DAST, dependency scanning, container scanning, and how integrated security compares to best-of-breed tools.
Securing iOS and macOS dependencies with Swift Package Manager and CocoaPods, including checksum verification and source control.
Securing Spinnaker's multi-cloud deployment pipelines with authentication, authorization, pipeline constraints, and artifact verification.
How to configure GCP Artifact Registry for security-first container and package management, from IAM policies to vulnerability scanning.
The FDA now requires software bill of materials for medical device submissions. Here's what manufacturers need to know about compliance.
gosec is the standard security linter for Go. Here is what it catches, what it misses, and how to integrate it effectively into your workflow.
A critical authentication vulnerability in Jira Service Management allowed attackers to impersonate users and gain access to sensitive service desk instances. The flaw bypassed email verification controls.
Generating SBOMs is only half the battle. Sharing them securely and effectively with stakeholders requires careful planning and tooling.