cloud-build
Safeguard articles tagged "cloud-build" — guides, analysis, and best practices for software supply chain and application security.
5 articles
GCP Cloud Build + Workload Identity Federation
Workload Identity Federation is the right way to give Cloud Build and external CI access to GCP. Here is the architecture, the traps, and the rollout plan.
Securing Cloud Build pipelines and generating SLSA proven...
How to secure Cloud Build supply chain security with least-privilege service accounts and SLSA provenance so tampered builds never reach production.
Implementing keyless container image signing with Cosign ...
A hands-on guide to Cosign keyless signing GCP setups with Sigstore, Workload Identity Federation, and Cloud Build — sign and verify images with no key management.
GCP Cloud Build Hardening in Production
Lessons from hardening Cloud Build pipelines in production environments: private pools, least-privilege service accounts, provenance, and the controls that actually stop lateral movement.
Google Cloud Build Supply Chain Security: From Source to Deploy
How to secure your Cloud Build pipelines with SLSA provenance, Binary Authorization, and artifact verification for end-to-end supply chain integrity.