Safeguard
Tag

azure

Safeguard articles tagged "azure" — guides, analysis, and best practices for software supply chain and application security.

38 articles

Cloud Security

Insecure defaults in Azure ARM templates: a pre-deployment scanning guide

Azure Resource Manager templates don't enforce TLS 1.2 or block public blob access by default — here's how to catch it before terraform apply's Azure cousin ever runs.

Jul 16, 20267 min read
Cloud Security

Azure Bicep IaC security fundamentals: secrets, module trust, and policy gates

A @secure() Bicep parameter still leaks in plaintext the moment it's written to an output — a well-documented gap most teams discover only after a deployment history review.

Jul 15, 20267 min read
Cloud Security

Building a Multi-Cloud Security Strategy That Actually Scales

A practical framework for securing AWS, Azure, and GCP together — the pillars, the provider differences that trip teams up, and how to unify controls with policy-as-code.

Jul 2, 20265 min read
Cloud Security

Azure Functions extensions as a supply chain entry point in 2026

Binding extensions and isolated worker SDK packages run with the function's managed identity. Here is how to evaluate and gate them in 2026.

May 12, 20267 min read
DevSecOps

AWS CodePipeline Supply Chain Defence 2026

AWS CodePipeline is where most AWS-native supply chain attacks land in 2026. This is the defence blueprint that actually works in production accounts.

Apr 13, 20267 min read
DevSecOps

Azure DevOps Pipeline Supply Chain Controls

Azure DevOps pipelines hold more production deploy power than any other system in many enterprises. The 2026 supply chain controls are not optional anymore.

Apr 9, 20267 min read
DevSecOps

GCP Cloud Build Supply Chain Defence

Cloud Build has the strongest native supply chain primitives of any major CI service. Most GCP shops are still not using them. This is the 2026 blueprint.

Apr 5, 20267 min read
Cloud Security

Azure Key Vault Managed HSM for Artifact Signing: Pattern Library

Managed HSM gives you FIPS 140-3 Level 3 key custody in Azure. We map the patterns for using it as the root of trust for code signing, container signing, and SBOM attestation.

Apr 4, 20267 min read
DevSecOps

AWS ECR Image Signing With Cosign In Production

Cosign-signed images in ECR are no longer a side project. This is how to roll out signing across an AWS estate without breaking the deploy pipeline.

Mar 31, 20267 min read
DevSecOps

Azure ACR Trusted Images Policy Rollout

ACR's trusted images and notation signing combine into a deploy-time policy you can actually enforce. Here is how to roll it out without breaking AKS workloads.

Mar 26, 20267 min read
DevSecOps

Azure Artifacts Sigstore Integration Walkthrough 2026

A practical walkthrough for integrating Sigstore signing and verification with Azure Artifacts in 2026, including the gaps you should know about before starting.

Mar 26, 20265 min read
DevSecOps

GCP Binary Authorization Real-World Deployment

Binary Authorization works in production, but the rollout pattern is not obvious. This is the real-world deployment guide for 2026 GCP estates.

Mar 21, 20268 min read
azure — Safeguard Blog