Best Practices
In-depth guides and analysis on best practices from the Safeguard engineering team.
252 articles
GCP Workload Identity Federation: Supply Chain Uses
How to use GCP Workload Identity Federation to eliminate long-lived service account keys from your supply chain: GitHub Actions, GitLab CI, external builders, and the misconfigurations that silently undermine the design.
FastAPI Supply Chain Security: A Working Guide
FastAPI's dependency surface is deceptively large. Here is how to lock it down in practice, covering Starlette, Pydantic, Uvicorn, and the plugins you likely missed.
Azure Policy for Supply Chain Enforcement
Azure Policy is the enforcement layer most Azure platforms underuse. A concrete, policy-by-policy guide to wiring it into supply chain controls that actually stick.
Retail POS Supply Chain Security
Practical controls and standards shaping point-of-sale software supply chains, from PCI DSS 4.0 to PA-DSS successors and retailer-specific frameworks.
AWS Secrets Manager vs Parameter Store
Two AWS services, overlapping features, and a pricing difference that adds up to real money. The decision framework for Secrets Manager vs Parameter Store, based on what actually goes wrong in production.
Malicious Package Quarantine Procedures
How to quarantine a malicious package across your registries, caches, and running systems without breaking every developer's workflow.
Vulnerability Management at Enterprise Scale: What Actually Works
Managing vulnerabilities across thousands of applications and millions of dependencies requires fundamentally different approaches than what works for a single team. Here is what scales.
Payment Processor Dependency Risks
The libraries and services that sit between a merchant and the card networks carry concentrated risk. A practical look at what goes wrong, and how to build a dependency program that catches it.
DevEx Meets DevSecOps: Why Developer Experience Determines Security Outcomes
Security tools that developers hate get bypassed. The organizations with the best security outcomes are the ones that treat developer experience as a security requirement.
GCP Secret Manager Rotation Strategy
A workable rotation strategy for GCP Secret Manager: how to structure secret versions, schedule rotation, coordinate consumers, and avoid the outage patterns that scare teams off rotation in the first place.
Rust Edition Migration Security Notes
Field notes from migrating a production workspace from Rust 2018 to 2021, and what to watch for when 2024 lands in edition transitions.
Next.js Supply Chain Security Hardening
Next.js pulls hundreds of transitive dependencies into production bundles, and the middleware auth bypass of March 2025 showed how a single framework CVE cascades across every App Router deployment. Here is the hardening playbook for 2024 and beyond.