Safeguard
Tag

best-practices

Safeguard articles tagged "best-practices" — guides, analysis, and best practices for software supply chain and application security.

105 articles

Best Practices

The Complete Guide to Dependency Lifecycle Management

Dependencies are not static. They are born, maintained, deprecated, and abandoned. Here is how to manage the full lifecycle of your software dependencies.

Oct 30, 20257 min read
SBOM

Container SBOM Generation: Best Practices for 2025

Container images are multi-layered artifacts that challenge SBOM generators. Here is how to generate comprehensive, accurate SBOMs for containerized applications.

Oct 1, 20256 min read
SBOM

SBOM Quality Metrics: Moving Beyond Completeness

Most SBOM quality discussions stop at completeness. Real quality requires measuring accuracy, freshness, depth, and actionability. Here is a practical framework.

Aug 1, 20256 min read
Best Practices

Bounty Program Scoping for Dependencies

How to scope a bug bounty program when most of your attack surface lives in third-party dependencies — with guidance on payouts, triage, and upstream coordination.

Apr 8, 20258 min read
Best Practices

Coordinated Disclosure Zero-Day Playbook

A playbook for coordinated disclosure of zero-day vulnerabilities, covering timelines, stakeholder management, embargo discipline, and the judgement calls in between.

Dec 12, 20248 min read
Best Practices

Container Security Best Practices for 2025: Beyond Image Scanning

Container security has evolved far past vulnerability scanning. Here is what mature container security programs look like heading into 2025.

Dec 1, 20247 min read
Best Practices

AWS IAM Roles Anywhere and the Supply Chain

IAM Roles Anywhere lets workloads outside AWS assume IAM roles using X.509 certificates. It is also becoming the authentication layer for supply chain tools. Here is what the threat model looks like.

Nov 5, 20248 min read
Best Practices

AWS SSM Parameter Store Security

Parameter Store is everywhere in AWS workloads, which means it accumulates secrets, configuration, and bad IAM over time. Here is the security review I run on every Parameter Store deployment.

Oct 18, 20247 min read
Best Practices

Azure App Service Deployment Security

App Service deployments are easy, which is the problem. A look at the deployment paths, credential surfaces, and hardening steps that matter for production workloads.

Oct 10, 20248 min read
Best Practices

GCP Pub/Sub Security Configuration

A working security configuration for GCP Pub/Sub: topic and subscription IAM, message encryption, VPC Service Controls, dead-letter handling, and the failure modes that turn a messaging layer into an attack surface.

Oct 2, 20247 min read
Best Practices

Doppler Enterprise Secrets Platform Reviewed

Doppler pitches itself as the secrets platform that gets out of developers' way. A detailed look at what works, what does not, and the trade-offs against Vault, Infisical, and the cloud-native options.

Sep 22, 20247 min read
Best Practices

AWS Step Functions Workflow Security

Step Functions workflows orchestrate everything from data pipelines to security automations. The workflow IAM role is almost always the most powerful thing in the stack. Here is how to lock it down.

Aug 10, 20247 min read
best-practices (Page 7) — Safeguard Blog