Safeguard
Tag

cloud-security

Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.

290 articles

Cloud Security

CI/CD pipeline security vulnerability trends

CI/CD pipelines now hold the keys attackers want most. Here's what tj-actions, Ultralytics, and Jenkins CVE-2024-23897 reveal about the trend.

Nov 3, 20257 min read
Cloud Security

GitHub Actions workflow injection vulnerabilities

How GitHub Actions workflow injection lets attackers hijack CI pipelines via untrusted input, real CVEs like CVE-2025-30066, and how to detect it.

Nov 3, 20257 min read
Cloud Security

Jenkins plugin vulnerability trends report

Jenkins plugin CVEs keep piling up—missing permission checks, CSRF gaps, and a critical CVE-2024-23897 that attackers scanned for within days.

Nov 2, 20256 min read
Cloud Security

OpenTofu and Terraform provider supply chain risk

Terraform and OpenTofu providers run unsandboxed with full pipeline credentials. Here's where the provider supply chain actually breaks down.

Nov 1, 20257 min read
Cloud Security

AWS TEAM CVE-2025-1969: Spoofed Approvals in IAM Identity Center

AWS Security Bulletin AWS-2025-004 disclosed an input validation flaw in Temporary Elevated Access Management that let users forge approvals. Here's what changed and how to harden TEAM 1.2.2.

Oct 2, 20256 min read
Container Security

Prisma Cloud vs Wiz: Supply Chain Features

Both Prisma Cloud and Wiz have expanded into supply chain territory from cloud security origins. A head-to-head on what each actually delivers on the supply chain dimension.

Oct 2, 20255 min read
Cloud Security

CNAPPs in 2025: What Cloud-Native Application Protection Platforms Actually Protect

CNAPP has become the dominant category in cloud security. But the label covers wildly different capabilities. A clear-eyed look at what CNAPPs do, where they fall short, and how supply chain security fits in.

Sep 5, 20257 min read
Security Concepts

Application Security vs Network Security: Where the Line Is

Application security vs network security comes down to what layer you're defending — code and logic versus traffic and perimeter — and most breaches now happen in the gap between them.

Sep 3, 20255 min read
Cloud Security

How Snyk IaC's static analysis engine parses Terraform HC...

A technical walkthrough of how Snyk IaC parses Terraform HCL into JSON, evaluates it with OPA/Rego policies, and maps violations back to source lines.

Sep 3, 20257 min read
Cloud Security

How Snyk IaC's 400+ rule library maps to CIS benchmarks a...

How Snyk IaC's 400+ rules trace to numbered CIS AWS, Azure, GCP, and Kubernetes benchmark controls — and where benchmark-mapped scanning stops short.

Sep 3, 20258 min read
Cloud Security

How to write a custom Snyk IaC rule in Rego using the Rul...

A technical walkthrough of Snyk's IaC Rules SDK: scaffolding, writing Rego deny rules, local testing, bundling, and org-wide enforcement via OCI registries.

Sep 2, 20258 min read
Cloud Security

How Snyk IaC's Terraform Cloud run tasks gate infrastruct...

How Snyk IaC uses Terraform Cloud's run tasks to scan plan output and block infrastructure changes before apply — the mechanics, enforcement levels, and limits.

Sep 2, 20257 min read
cloud-security (Page 21) — Safeguard Blog