Safeguard
Tag

attestation

Safeguard articles tagged "attestation" — guides, analysis, and best practices for software supply chain and application security.

33 articles

Cloud Security

Azure Confidential VM Attestation in a Supply Chain Pipeline

Confidential VMs on Azure protect workloads in use, but the attestation flow is where their value gets unlocked. We trace how to wire it into a build and deploy pipeline.

Mar 2, 20267 min read
Software Supply Chain Security

in-toto Attestation Framework Walkthrough 2026

A working engineer's tour of in-toto in 2026: layouts, links, the attestation predicate ecosystem, and how it composes with SLSA, sigstore, and SBOMs.

Mar 2, 20265 min read
Cloud Security

GCP Binary Authorization Attestation Verifier: Production Patterns

Binary Authorization in 2026 moved from breakglass-heavy gatekeeping to attestation-driven trust. We unpack how to design verifiers that scale across teams and clusters.

Feb 25, 20267 min read
Container Security

Multi-Arch Image Builds and Attestation Pitfalls

Why multi-architecture container images break assumptions baked into signing, SBOM, and attestation tooling, and how to build a multi-arch pipeline that stays verifiable.

Feb 22, 20268 min read
AI Security

AI Model Weights: Signing, Attestation, Provenance

Model weights are binaries with the privilege of code and the review of documents. Here is what signing, attestation, and provenance should actually look like.

Feb 8, 20267 min read
Compliance

CISA Secure by Design Pledge: Signatories in 2026

CISA's Secure by Design Pledge has crossed 300 signatories. Here is what the 2026 cohort is committing to, what regulators expect in return, and how to prove it.

Jan 28, 20267 min read
Architecture

Safeguard Gold Build Pipeline: How It Works

A walkthrough of the Gold Build pipeline that produces reproducible, attested, policy-verified container images and binaries for Safeguard customers.

Jan 28, 20267 min read
Industry Analysis

Zero-Knowledge Proofs for Supply Chain Attestation

Where zk-SNARKs, STARKs, and Bulletproofs actually fit in software supply chain attestation, and where conventional signatures remain the correct choice.

Jan 12, 20265 min read
Buyer's Guides

Technical comparison of AMD SEV-SNP and Intel TDX securit...

A technical comparison of AMD SEV-SNP vs Intel TDX covering memory encryption, attestation, CVE history, and cloud provider support.

Dec 11, 20258 min read
Frameworks

SLSA v1.2 Source Track: What Changed in November 2025

SLSA v1.2 was approved in November 2025 and finally completes the Source Track that v0.1 only sketched. We break down the new source levels and what producers must change.

Nov 20, 20256 min read
AI Security

Training Data Provenance for Enterprise Fine-Tuning

Fine-tuning corpora are supply chain artifacts. We cover the provenance signals, attestations, and drift controls enterprises need before pushing weights to prod.

Nov 18, 20255 min read
Buyer's Guides

Best software supply chain attestation tools

A practical, no-hype comparison of software supply chain attestation tools — in-toto, Sigstore, GUAC, GitHub, JFrog, and Chainguard — plus how to pick the right fit.

Nov 18, 20257 min read
attestation (Page 2) — Safeguard Blog