cloud-security
Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.
290 articles
CI/CD pipeline security vulnerability trends
CI/CD pipelines now hold the keys attackers want most. Here's what tj-actions, Ultralytics, and Jenkins CVE-2024-23897 reveal about the trend.
GitHub Actions workflow injection vulnerabilities
How GitHub Actions workflow injection lets attackers hijack CI pipelines via untrusted input, real CVEs like CVE-2025-30066, and how to detect it.
Jenkins plugin vulnerability trends report
Jenkins plugin CVEs keep piling up—missing permission checks, CSRF gaps, and a critical CVE-2024-23897 that attackers scanned for within days.
OpenTofu and Terraform provider supply chain risk
Terraform and OpenTofu providers run unsandboxed with full pipeline credentials. Here's where the provider supply chain actually breaks down.
AWS TEAM CVE-2025-1969: Spoofed Approvals in IAM Identity Center
AWS Security Bulletin AWS-2025-004 disclosed an input validation flaw in Temporary Elevated Access Management that let users forge approvals. Here's what changed and how to harden TEAM 1.2.2.
Prisma Cloud vs Wiz: Supply Chain Features
Both Prisma Cloud and Wiz have expanded into supply chain territory from cloud security origins. A head-to-head on what each actually delivers on the supply chain dimension.
CNAPPs in 2025: What Cloud-Native Application Protection Platforms Actually Protect
CNAPP has become the dominant category in cloud security. But the label covers wildly different capabilities. A clear-eyed look at what CNAPPs do, where they fall short, and how supply chain security fits in.
Application Security vs Network Security: Where the Line Is
Application security vs network security comes down to what layer you're defending — code and logic versus traffic and perimeter — and most breaches now happen in the gap between them.
How Snyk IaC's static analysis engine parses Terraform HC...
A technical walkthrough of how Snyk IaC parses Terraform HCL into JSON, evaluates it with OPA/Rego policies, and maps violations back to source lines.
How Snyk IaC's 400+ rule library maps to CIS benchmarks a...
How Snyk IaC's 400+ rules trace to numbered CIS AWS, Azure, GCP, and Kubernetes benchmark controls — and where benchmark-mapped scanning stops short.
How to write a custom Snyk IaC rule in Rego using the Rul...
A technical walkthrough of Snyk's IaC Rules SDK: scaffolding, writing Rego deny rules, local testing, bundling, and org-wide enforcement via OCI registries.
How Snyk IaC's Terraform Cloud run tasks gate infrastruct...
How Snyk IaC uses Terraform Cloud's run tasks to scan plan output and block infrastructure changes before apply — the mechanics, enforcement levels, and limits.