Safeguard
Topic

Best Practices

In-depth guides and analysis on best practices from the Safeguard engineering team.

252 articles

Best Practices

GCP Workload Identity Federation: Supply Chain Uses

How to use GCP Workload Identity Federation to eliminate long-lived service account keys from your supply chain: GitHub Actions, GitLab CI, external builders, and the misconfigurations that silently undermine the design.

Jul 12, 20247 min read
Best Practices

FastAPI Supply Chain Security: A Working Guide

FastAPI's dependency surface is deceptively large. Here is how to lock it down in practice, covering Starlette, Pydantic, Uvicorn, and the plugins you likely missed.

Jul 5, 20246 min read
Best Practices

Azure Policy for Supply Chain Enforcement

Azure Policy is the enforcement layer most Azure platforms underuse. A concrete, policy-by-policy guide to wiring it into supply chain controls that actually stick.

Jun 30, 20248 min read
Best Practices

Retail POS Supply Chain Security

Practical controls and standards shaping point-of-sale software supply chains, from PCI DSS 4.0 to PA-DSS successors and retailer-specific frameworks.

Jun 30, 20247 min read
Best Practices

AWS Secrets Manager vs Parameter Store

Two AWS services, overlapping features, and a pricing difference that adds up to real money. The decision framework for Secrets Manager vs Parameter Store, based on what actually goes wrong in production.

Jun 28, 20246 min read
Best Practices

Malicious Package Quarantine Procedures

How to quarantine a malicious package across your registries, caches, and running systems without breaking every developer's workflow.

Jun 20, 20246 min read
Best Practices

Vulnerability Management at Enterprise Scale: What Actually Works

Managing vulnerabilities across thousands of applications and millions of dependencies requires fundamentally different approaches than what works for a single team. Here is what scales.

Jun 20, 20247 min read
Best Practices

Payment Processor Dependency Risks

The libraries and services that sit between a merchant and the card networks carry concentrated risk. A practical look at what goes wrong, and how to build a dependency program that catches it.

Jun 18, 20247 min read
Best Practices

DevEx Meets DevSecOps: Why Developer Experience Determines Security Outcomes

Security tools that developers hate get bypassed. The organizations with the best security outcomes are the ones that treat developer experience as a security requirement.

Jun 15, 20246 min read
Best Practices

GCP Secret Manager Rotation Strategy

A workable rotation strategy for GCP Secret Manager: how to structure secret versions, schedule rotation, coordinate consumers, and avoid the outage patterns that scare teams off rotation in the first place.

Jun 8, 20247 min read
Best Practices

Rust Edition Migration Security Notes

Field notes from migrating a production workspace from Rust 2018 to 2021, and what to watch for when 2024 lands in edition transitions.

Jun 8, 20247 min read
Best Practices

Next.js Supply Chain Security Hardening

Next.js pulls hundreds of transitive dependencies into production bundles, and the middleware auth bypass of March 2025 showed how a single framework CVE cascades across every App Router deployment. Here is the hardening playbook for 2024 and beyond.

Jun 4, 20246 min read
Best Practices (Page 18) — Supply Chain Security Blog | Safeguard