attestation
Safeguard articles tagged "attestation" — guides, analysis, and best practices for software supply chain and application security.
33 articles
Azure Confidential VM Attestation in a Supply Chain Pipeline
Confidential VMs on Azure protect workloads in use, but the attestation flow is where their value gets unlocked. We trace how to wire it into a build and deploy pipeline.
in-toto Attestation Framework Walkthrough 2026
A working engineer's tour of in-toto in 2026: layouts, links, the attestation predicate ecosystem, and how it composes with SLSA, sigstore, and SBOMs.
GCP Binary Authorization Attestation Verifier: Production Patterns
Binary Authorization in 2026 moved from breakglass-heavy gatekeeping to attestation-driven trust. We unpack how to design verifiers that scale across teams and clusters.
Multi-Arch Image Builds and Attestation Pitfalls
Why multi-architecture container images break assumptions baked into signing, SBOM, and attestation tooling, and how to build a multi-arch pipeline that stays verifiable.
AI Model Weights: Signing, Attestation, Provenance
Model weights are binaries with the privilege of code and the review of documents. Here is what signing, attestation, and provenance should actually look like.
CISA Secure by Design Pledge: Signatories in 2026
CISA's Secure by Design Pledge has crossed 300 signatories. Here is what the 2026 cohort is committing to, what regulators expect in return, and how to prove it.
Safeguard Gold Build Pipeline: How It Works
A walkthrough of the Gold Build pipeline that produces reproducible, attested, policy-verified container images and binaries for Safeguard customers.
Zero-Knowledge Proofs for Supply Chain Attestation
Where zk-SNARKs, STARKs, and Bulletproofs actually fit in software supply chain attestation, and where conventional signatures remain the correct choice.
Technical comparison of AMD SEV-SNP and Intel TDX securit...
A technical comparison of AMD SEV-SNP vs Intel TDX covering memory encryption, attestation, CVE history, and cloud provider support.
SLSA v1.2 Source Track: What Changed in November 2025
SLSA v1.2 was approved in November 2025 and finally completes the Source Track that v0.1 only sketched. We break down the new source levels and what producers must change.
Training Data Provenance for Enterprise Fine-Tuning
Fine-tuning corpora are supply chain artifacts. We cover the provenance signals, attestations, and drift controls enterprises need before pushing weights to prod.
Best software supply chain attestation tools
A practical, no-hype comparison of software supply chain attestation tools — in-toto, Sigstore, GUAC, GitHub, JFrog, and Chainguard — plus how to pick the right fit.