Build Systems
Safeguard articles tagged "Build Systems" — guides, analysis, and best practices for software supply chain and application security.
9 articles
Software Supply Chain Side-Channel Attacks 2025
Side-channel attacks are moving from hardware into software supply chains, where build-time timing, error messages, and telemetry leak meaningful secrets.
Best SLSA-compliant build systems
A fair comparison of SLSA compliant build systems—GitHub Actions, Cloud Build, GitLab, Tekton Chains—with real strengths and limitations for Build Level 3.
Earthly Containerized Builds Supply Chain
Earthly combines container isolation with Makefile-style ergonomics. Here's what that means for supply chain posture, with real Earthfile examples.
Buck2 (Meta) Build Security Considerations
A security engineer's look at Buck2, Meta's open-source build system, including Starlark sandbox properties, remote execution, and actual supply chain guarantees.
Please Build System Security Review
A hands-on security review of Please, the open-source Bazel-inspired build system, including sandbox behavior, BUILD rules, and supply chain trade-offs.
GN and Meson Build Systems: Security
A side-by-side security comparison of GN (Chromium) and Meson, covering declarative posture, wrap files, toolchain handling, and supply chain behavior.
Pants Build Tool Security Posture
A practitioner's view of the Pants build system's security properties, covering sandboxing, third-party resolution, and the Pants 2.x architecture.
Penetration Testing CI/CD Pipelines
Your CI/CD pipeline is a high-value target. Here's how to pen test build systems, artifact repositories, and deployment workflows for supply chain vulnerabilities.
Ninja Build Supply Chain Considerations
Ninja is a low-level build tool, not a package manager. That framing matters for understanding its supply chain properties and common misconceptions.