Safeguard
Topic

Concepts

In-depth guides and analysis on concepts from the Safeguard engineering team.

116 articles

Concepts

What is a Trusted Publisher (PyPI and npm)

A trusted publisher lets your CI workflow publish packages with short-lived OIDC tokens instead of stored API keys. Here's how it works on PyPI and where npm stands.

May 21, 20257 min read
Concepts

What Is a Nonce? The Number Used Once in Cryptography

A nonce is a value used a single time to keep cryptographic operations fresh and stop attackers from replaying old messages. Small idea, outsized importance.

May 6, 20256 min read
Concepts

What Is End-to-End Encryption? Privacy From Sender to Recipient

End-to-end encryption keeps data readable only by the sender and intended recipient, so not even the service carrying the message can see its contents.

Apr 9, 20256 min read
Concepts

What Is a Certificate Authority? The Root of Digital Trust

A certificate authority is the trusted third party that vouches for who owns a public key. It is the reason your browser can trust a website it has never seen before.

Mar 18, 20256 min read
Concepts

What Is Key Management? Protecting the Keys That Protect Everything

Key management is the discipline of generating, storing, rotating, and retiring cryptographic keys safely. Strong encryption is only as good as the way its keys are handled.

Feb 25, 20256 min read
Concepts

What Is Mutual TLS (mTLS)? Two-Way Authentication Explained

Mutual TLS makes both sides of a connection prove their identity with certificates, not just the server. It is the backbone of zero-trust communication between services.

Feb 11, 20255 min read
Concepts

What Is TLS? Transport Layer Security Explained

TLS is the protocol that encrypts data in transit across the internet, turning the padlock in your browser into real protection against eavesdropping and tampering.

Jan 28, 20256 min read
Concepts

What Is Hashing? A Plain-English Guide to One-Way Functions

Hashing turns any input into a fixed-size fingerprint that cannot be reversed. It quietly powers password storage, integrity checks, and digital signatures across modern software.

Jan 14, 20256 min read
Concepts

What is Continuous Compliance Monitoring

Continuous compliance monitoring replaces the annual audit scramble with automated, always-on checks that map live system evidence to control requirements.

Jan 12, 20257 min read
Concepts

What is a Post-Quantum Migration Plan

A post-quantum migration plan is your inventory-and-replacement roadmap from RSA and ECC to ML-KEM and ML-DSA. Here's what a credible one contains, step by step.

Jan 4, 20257 min read
Concepts

What is a Package Registry Mirror

A package registry mirror is a local copy or caching proxy of a public registry. It keeps builds running when npm is down — and controls what enters your supply chain.

Dec 17, 20246 min read
Concepts

What Is ABAC (Attribute-Based Access Control)

ABAC decides access by evaluating attributes of the user, resource, action, and environment against policy rules. Learn how it works and when to choose it over roles.

Dec 3, 20246 min read
Concepts (Page 8) — Supply Chain Security Blog | Safeguard