Safeguard
Topic

Best Practices

In-depth guides and analysis on best practices from the Safeguard engineering team.

252 articles

Best Practices

Fastify Security Posture in 2024

Fastify hit version 5.0 in September 2024 with a slimmer core, a plugin model that encourages correctness, and a security track record that genuinely distinguishes it from the Express crowd. Here is what I have learned auditing Fastify apps this year.

Sep 20, 20247 min read
Best Practices

Database Platform Migration: Supply Chain

Database migrations touch every part of the software supply chain. This guide covers how to keep schemas, secrets, and data lineage secure during a platform change.

Sep 18, 20247 min read
Best Practices

Build Server Compromise Investigation

A hands-on investigation guide for compromised build servers, from initial containment through rootkit checks and clean rebuild.

Aug 28, 20247 min read
Best Practices

Legacy COBOL Supply Chain Modernization: A Pragmatic Playbook

Modernize the supply chain around COBOL systems without rewriting them. Build provenance, SBOMs, and policy gates for mainframe code that is not going anywhere.

Aug 28, 20247 min read
Best Practices

CyberArk Conjur for Enterprise Secrets Management

Where Conjur fits in 2024 for enterprise secrets management, what it does well, where it hurts, and how to roll it out without drowning the platform team.

Aug 25, 20247 min read
Best Practices

Incident Response Playbook: Supply Chain Compromise

A step-by-step playbook for responding to upstream dependency, build system, and vendor compromises, including roles, timelines, and stakeholder communications.

Aug 19, 20246 min read
Best Practices

SvelteKit Supply Chain Considerations

SvelteKit's compiled-output philosophy gives it a smaller runtime footprint than React frameworks, but the build-time supply chain is just as complex. Here is what to watch for when you adopt Svelte in production.

Aug 14, 20246 min read
Best Practices

AWS Step Functions Workflow Security

Step Functions workflows orchestrate everything from data pipelines to security automations. The workflow IAM role is almost always the most powerful thing in the stack. Here is how to lock it down.

Aug 10, 20247 min read
Best Practices

Dependency Compromise Timeline Reconstruction

How to rebuild a precise timeline after a dependency has been compromised, using lockfile history, registry metadata, and CI logs.

Jul 28, 20246 min read
Best Practices

Monolith to Microservices: Supply Chain Changes

What really happens to your software supply chain when you decompose a monolith into services, and how to avoid trading one risk for forty new ones.

Jul 28, 20247 min read
Best Practices

Pydantic v2 Security Implications

Pydantic v2 rewrote the core in Rust and changed validation semantics. Here is what that means for security-sensitive code, from input coercion to ReDoS exposure.

Jul 25, 20246 min read
Best Practices

Lessons from CrowdStrike: Rethinking How We Deploy Software Updates

The CrowdStrike outage wasn't just an EDR problem. It exposed fundamental weaknesses in how the entire industry handles software updates, from kernel drivers to SaaS platforms.

Jul 22, 20248 min read
Best Practices (Page 17) — Supply Chain Security Blog | Safeguard