Safeguard
Tag

attestation

Safeguard articles tagged "attestation" — guides, analysis, and best practices for software supply chain and application security.

33 articles

Best Practices

Confidential Computing in Supply Chain Integration

How Intel TDX, AMD SEV-SNP, and AWS Nitro enclaves plug into build and signing pipelines, with attestation flows and operational tradeoffs.

Mar 18, 20255 min read
SBOM & Compliance

Provenance Attestation Consumer Workflow

Generating provenance is half the story. Consuming it correctly, at the right points in the pipeline, is where the security value actually materialises.

Nov 20, 20247 min read
SBOM & Compliance

Witness Attestation Collection Workflow

Witness turns build steps into a chain of signed attestations. Here is how we use it in production pipelines, what it does well, and where the edges still cut.

Sep 22, 20247 min read
DevSecOps

How to Validate SLSA Provenance in CI

Generate and validate SLSA v1.0 provenance attestations in GitHub Actions using slsa-verifier, gate releases on builder identity, and prove build integrity.

Sep 14, 20244 min read
SBOM & Compliance

in-toto Attestation Formats Reviewed

The in-toto attestation framework is the plumbing under SLSA, Sigstore, and most supply chain tooling. Here is a practical review of the v1 formats and their edges.

Jun 28, 20246 min read
Compliance

CISA Secure Software Development Attestation: What Vendors Must Know

CISA now requires software vendors selling to the US government to attest to secure development practices. Here's what the form demands and how to prepare.

Mar 11, 20246 min read
Supply Chain Attacks

SLSA v1.0: Software Provenance Attestation Goes Mainstream

The SLSA framework reached v1.0 in April 2023, providing a practical framework for software supply chain integrity that's already being adopted by major package registries.

Sep 10, 20235 min read
DevSecOps

Software Attestation in Practice: From Theory to Implementation

Software attestation is moving from academic concept to practical requirement. Here's how to implement it in your build pipelines today.

Apr 8, 20236 min read
Hardware Security

Trusted Computing and TPM in the Software Supply Chain

Trusted Platform Modules provide a hardware root of trust for verifying software integrity. Understanding how TPMs fit into supply chain security helps build tamper-resistant systems.

Oct 5, 20227 min read
attestation (Page 3) — Safeguard Blog