Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A working security configuration for GCP Pub/Sub: topic and subscription IAM, message encryption, VPC Service Controls, dead-letter handling, and the failure modes that turn a messaging layer into an attack surface.
Safeguard v3 adds compliance framework mapping, automated evidence collection, audit-ready reporting, and VEX document support for regulatory readiness.
Despite growing regulatory pressure, enterprise SBOM adoption remains uneven. A look at where organizations actually stand with SBOM generation, consumption, and operationalization.
Supply chain risks specific to GraphQL stacks: Apollo, graphql-js, persisted queries, introspection, and transitive risk in gateway federation.
The PRC-linked pre-positioning group that scared DHS and the NSA into a public warning, and what it means for supply chain defenders.
Policy design patterns for GCP Binary Authorization that hold up in production: attestor topology, exception handling, continuous validation, and the shapes that stop a deploy-time compromise without blocking legitimate rollouts.
A chain of vulnerabilities in the CUPS printing system allows unauthenticated attackers to achieve remote code execution on Linux systems by exploiting how printers are discovered and configured.
CDK constructs are code that provisions infrastructure. Most teams audit the infrastructure but not the constructs. Here is how to think about construct library security and what to check.
Doppler pitches itself as the secrets platform that gets out of developers' way. A detailed look at what works, what does not, and the trade-offs against Vault, Infisical, and the cloud-native options.
Weekly insights on software supply chain security, delivered to your inbox.