Safeguard
Topic

Best Practices

In-depth guides and analysis on best practices from the Safeguard engineering team.

252 articles

Best Practices

Security Champions With a Supply Chain Focus

Designing and running a security champions program specifically for supply chain risks, including recruitment, training, cadences, and measurable impact.

Aug 16, 20236 min read
Best Practices

Reproducible Builds in the Go Ecosystem

Go's toolchain makes reproducible builds unusually tractable. Here is how to reach bit-for-bit builds across machines in 2023, and where the rough edges remain.

Jul 20, 20235 min read
Best Practices

Flask Application Security: A Deep Dive

Flask gives you room to make mistakes. This is a long look at the patterns that keep Flask apps safe in 2023, covering sessions, extensions, Werkzeug, and Jinja.

Jun 18, 20237 min read
Best Practices

Developer-Focused Security Awareness for Supply Chain

A supply-chain-specific developer awareness curriculum that replaces generic phishing drills with content engineers actually need, measured by behavior change.

May 22, 20236 min read
Best Practices

Security Code Review Best Practices

How to make code reviews an effective security checkpoint without turning every PR into a week-long security audit.

Mar 10, 20236 min read
Best Practices

Container Image Hardening Checklist

A comprehensive checklist for hardening your container images, from base image selection to runtime protections, with practical Dockerfile examples.

Jan 12, 20236 min read
Best Practices

The End-of-Year Dependency Audit Ritual

Most dependency audits get done in a panic after a CVE lands. A planned year-end audit is cheaper, more thorough, and produces a backlog you can actually work through in Q1.

Dec 10, 20226 min read
Best Practices

Open Source Policy Template for Enterprises

A practical template for crafting an enterprise open-source usage policy that balances developer freedom with security and compliance requirements.

Oct 20, 20226 min read
Best Practices

Shifting Left Without Slowing Down

How to integrate security earlier in the development lifecycle without turning your CI pipeline into a bottleneck that developers hate.

Jun 15, 20226 min read
Best Practices

Secure Coding Practices: A Developer's Guide

Practical secure coding habits every developer should build, covering input validation, authentication, dependency management, and more.

May 18, 20226 min read
Best Practices

Why Dependency Pinning Alone Is Not Enough

Pinning dependencies feels like a complete answer to supply chain risk. It is not — and the gap between pinning and real integrity matters more in 2022 than ever.

May 17, 20226 min read
Best Practices

A First-Principles Guide to Artifact Signing in 2022

Artifact signing is having a moment, but most teams skip the fundamentals. Here is the first-principles case for why you sign, what you sign, and who verifies.

Mar 20, 20226 min read
Best Practices (Page 21) — Supply Chain Security Blog | Safeguard