Cloud Security
In-depth guides and analysis on cloud security from the Safeguard engineering team.
237 articles
Dependency Confusion Attack
How dependency confusion attacks exploit registry name collisions to run attacker code inside corporate networks, from Alex Birsan's 2021 research to the 2022 PyTorch breach.
Repojacking
Aqua Security found nearly 37,000 GitHub repos vulnerable to repojacking, including Google and Lyft. Here's how the attack works and how Safeguard catches it.
Container Image Signing
Signing tells you where a container image came from; scanning only tells you what's inside it. Here's how image signing works, how Aqua handles it, and what a complete solution needs.
Prisma Cloud Runtime Security Deep Review 2026
A working engineer's review of Prisma Cloud's runtime security capabilities in 2026, covering Defender architecture, detection efficacy, and operational realities.
CNAPP vs CASB: what's the difference?
CNAPP and CASB are often confused, but they secure different things. Here's how they compare, how Prisma Cloud fits, and where supply chain security comes in.
Benefits of Cloud Security Posture Management (CSPM)
CSPM cuts breach risk and audit time by catching cloud misconfigurations before attackers do. See the data on cost, MTTR, and where Prisma Cloud falls short.
Cloudflare Workers Build Attestations: A Defender's Field Guide
Workers Builds emits provenance attestations for the code it deploys. We trace how to verify them, gate on them, and integrate them into a multi-cloud supply chain program.
CrowdStrike Cloud Security vs Wiz 2026
CrowdStrike has invested aggressively in CNAPP capabilities through Falcon Cloud Security. Can the endpoint giant displace Wiz on cloud-native ground? A frank assessment.
5 best practices for using Prisma Cloud with Oracle Cloud...
Five OCI cloud security best practices for running Prisma Cloud on Oracle Cloud Infrastructure, from IAM scoping to closing the software supply chain gap.
Discover, protect and respond with AWS and Prisma Cloud
Prisma Cloud discovers, protects, and responds across AWS — but the framework starts after code is already built. Here's the AWS supply chain gap it leaves open, and how to close it.
What Is CNAPP? (Cloud-Native Application Protection Platf...
CNAPP unifies CSPM, CWPP, CIEM, and app security into one platform. Here's the Gartner-defined pillars, how Prisma Cloud stacks up, and the supply-chain gap it leaves.
Azure Key Vault Managed HSM for Artifact Signing: Pattern Library
Managed HSM gives you FIPS 140-3 Level 3 key custody in Azure. We map the patterns for using it as the root of trust for code signing, container signing, and SBOM attestation.