Safeguard
Topic

Best Practices

In-depth guides and analysis on best practices from the Safeguard engineering team.

252 articles

Best Practices

SecOps Budget Justification: Supply Chain Program

Supply chain SecOps budgets get cut because the case is told as fear instead of math. Here is a budget justification that survives a finance review.

Mar 9, 20267 min read
Best Practices

Safeguard vs Wiz: Supply Chain Focus 2026

How Safeguard and Wiz compare in 2026 for software supply chain security, SCA depth, container provenance, and autonomous remediation.

Mar 9, 20267 min read
Best Practices

Vendor Offboarding and Supply Chain Data Destruction

A practical playbook for offboarding software vendors and ensuring data is actually destroyed, not just promised to be destroyed, across complex subprocessor chains.

Mar 9, 20267 min read
Best Practices

MCP Server Capability Policy Enforcement

MCP servers expose tools that AI agents can call directly. Capability policy decides which tools each agent gets, with the same rigor as any other supply chain gate.

Mar 6, 20268 min read
Best Practices

How to Generate an SBOM with GitHub Actions (2026)

SBOMs are a compliance table-stakes artifact in 2026. Here is a production GitHub Actions workflow that generates, signs, and attests a CycloneDX SBOM on every release.

Mar 6, 20266 min read
Best Practices

How to Detect Malicious npm Packages: A Workflow

A practical detection workflow for malicious npm packages: install-time signals, registry heuristics, reachability checks, and CI gates that actually block attacks.

Mar 6, 20267 min read
Best Practices

Procurement Security Questionnaires That Actually Work

How to design a supplier security questionnaire that produces usable signal, what to cut from standard templates, and how to integrate the output into real risk decisions.

Mar 6, 20267 min read
Best Practices

Post-Quantum Signing: An Artifact Migration Plan

A concrete migration plan for artifact signing from ECDSA to ML-DSA and SLH-DSA, covering Sigstore, Notary, HSMs, and staged hybrid rollouts.

Mar 5, 20265 min read
Best Practices

Tracking Vendor-Supplied Binaries In Your Runtime

Vendor binaries run as root and ship without SBOMs. Continuous discovery brings them under the same governance as your own code.

Mar 5, 20267 min read
Best Practices

Vendor Risk During M&A Due Diligence

M&A due diligence usually ignores vendor risk until the day after close. By then, the buyer has inherited a vendor portfolio with no visibility and no leverage.

Mar 5, 20267 min read
Best Practices

Safeguard vs Aqua Security Platform Review

A fact-based comparison of Safeguard and Aqua Security in 2026 across container coverage, runtime protection, SCA depth, and supply chain capabilities.

Mar 5, 20267 min read
Best Practices

Evidence-Driven SecOps vs Feeling-Driven SecOps

Two SecOps programs can look identical on a status report and behave completely differently when the next incident hits. The difference is whether they run on evidence or on feeling.

Mar 4, 20267 min read
Best Practices (Page 9) — Supply Chain Security Blog | Safeguard