Safeguard
Tag

cloud-security

Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.

290 articles

Cloud Security

How Snyk IaC scans a Terraform Plan JSON file to catch dr...

How Snyk IaC parses Terraform plan JSON's resource_changes to catch drift and misconfigurations before terraform apply — the mechanics, limits, and what it can't see.

Sep 2, 20257 min read
Cloud Security

How Snyk IaC correlates code-level misconfigurations with...

How Snyk's Cloud Context feature joins Terraform and CloudFormation misconfigurations to live AWS, Azure, and GCP resources — and where that correlation model breaks down.

Sep 1, 20257 min read
Cloud Security

How Snyk IaC's severity scoring weighs the exploitability...

A mechanical look at how Snyk IaC assigns Critical-to-Low severity to misconfigurations, and how exploitability factors like exposure and privilege requirements shape the rating.

Sep 1, 20257 min read
Cloud Security

How Snyk IaC's custom rule SDK structures resource-attrib...

A technical look at how Snyk IaC's Rego-based SDK normalizes Terraform, CloudFormation, Kubernetes, and ARM into one resource-attribute query model.

Sep 1, 20256 min read
Cloud Security

How Snyk IaC handles Terraform modules and remote module ...

How Snyk IaC statically parses Terraform, resolves local modules inline, and why remote Registry or Git modules stay unexpanded until a Terraform plan is scanned.

Aug 31, 20257 min read
Cloud Security

How an organization's custom policy set overrides Snyk Ia...

How Snyk IaC's Rego-based custom rules layer onto, disable, or supplement default policies — and what that means for enforcing org-specific IaC standards.

Aug 31, 20257 min read
Cloud Security

How Snyk IaC detects overly permissive IAM policies in Te...

A mechanical walkthrough of how Snyk IaC parses Terraform and CloudFormation, normalizes IAM policies into one model, and flags wildcard actions, resources, and principals before deploy.

Aug 31, 20256 min read
Cloud Security

How Snyk IaC identifies unencrypted storage resources acr...

Snyk IaC flags unencrypted S3 buckets, Azure Storage, and GCP disks by parsing Terraform and CloudFormation for missing encryption attributes before deployment.

Aug 31, 20258 min read
Cloud Security

Cloud Cyber Security: The Fundamentals Teams Skip

The cloud cyber security fundamentals teams reliably skip — identity sprawl, misconfigured storage, and compliance standards treated as a checkbox instead of a control.

Aug 14, 20255 min read
Container Security

Why Cloud Security Ownership Keeps Falling Into the Gap B...

Misconfigurations sit unpatched for months because three teams each assume someone else owns them. Here's why the cloud security ownership gap keeps widening.

Aug 5, 20257 min read
Container Security

IaC Drift: The Gap Between Declared and Actual Cloud Conf...

IaC drift lets your cloud diverge silently from Terraform state, breaking the compliance guarantees teams assume are still true. Here's how it happens and how to catch it.

Aug 4, 20256 min read
Container Security

Startups vs Enterprises: Why Smaller Cloud Footprints Are...

Smaller cloud footprints feel safer, but startups often face a higher per-workload security incident rate than enterprises. Here's why size is the wrong safety proxy.

Aug 4, 20258 min read
cloud-security (Page 22) — Safeguard Blog