Safeguard
Tag

best-practices

Safeguard articles tagged "best-practices" — guides, analysis, and best practices for software supply chain and application security.

105 articles

Best Practices

GCP Workload Identity Federation: Supply Chain Uses

How to use GCP Workload Identity Federation to eliminate long-lived service account keys from your supply chain: GitHub Actions, GitLab CI, external builders, and the misconfigurations that silently undermine the design.

Jul 12, 20247 min read
Best Practices

Azure Policy for Supply Chain Enforcement

Azure Policy is the enforcement layer most Azure platforms underuse. A concrete, policy-by-policy guide to wiring it into supply chain controls that actually stick.

Jun 30, 20248 min read
Best Practices

AWS Secrets Manager vs Parameter Store

Two AWS services, overlapping features, and a pricing difference that adds up to real money. The decision framework for Secrets Manager vs Parameter Store, based on what actually goes wrong in production.

Jun 28, 20246 min read
Best Practices

GCP Secret Manager Rotation Strategy

A workable rotation strategy for GCP Secret Manager: how to structure secret versions, schedule rotation, coordinate consumers, and avoid the outage patterns that scare teams off rotation in the first place.

Jun 8, 20247 min read
Best Practices

Rust Edition Migration Security Notes

Field notes from migrating a production workspace from Rust 2018 to 2021, and what to watch for when 2024 lands in edition transitions.

Jun 8, 20247 min read
Best Practices

Azure Key Vault Rotation Patterns

Rotation is the Key Vault feature most teams nominally have and few actually operate. A walk through the patterns that work for secrets, keys, and certificates at scale.

May 18, 20248 min read
Best Practices

AWS AppConfig Dynamic Config Security

AppConfig ships configuration changes to running applications in seconds. That makes it a powerful tool and a compelling target. Here is how to run AppConfig safely.

Apr 30, 20247 min read
Best Practices

GCP Cloud Functions Supply Chain Risks

The supply-chain risks unique to GCP Cloud Functions: dependency resolution at deploy time, buildpack trust, runtime identity, and the audit trail the service does and does not give you.

Apr 15, 20247 min read
Best Practices

Django Security Best Practices, 2024 Edition

From SECRET_KEY hygiene to middleware ordering, the Django security checklist worth actually following in 2024, grounded in real CVEs and production incidents.

Apr 10, 20246 min read
Best Practices

AWS Lambda Layers: Supply Chain Risks

Lambda layers feel like a convenience but they are a supply chain attack surface that most teams do not treat as code. Here is how they get abused and what to do about it.

Mar 18, 20247 min read
Best Practices

Vault Supply Chain Integration Patterns

HashiCorp Vault is a Swiss Army knife for secrets, but most teams use it as a glorified key-value store. A walkthrough of the integration patterns that make Vault actually useful in a CI/CD supply chain.

Mar 15, 20247 min read
Best Practices

Azure Functions Supply Chain Security

Azure Functions hide a surprising amount of supply chain risk — Oryx builds, run-from-package, extension bundles, and the way deployment slots interact with identity.

Mar 12, 20248 min read
best-practices (Page 8) — Safeguard Blog