cloud-security
Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.
290 articles
Scanning AWS CloudFormation templates for misconfigurations
CloudFormation deploys exactly what you write, misconfigurations included. Here's how scanning catches IAM, S3, and security group errors before they ship.
Policy as code for cloud security guardrails
Policy as code turns cloud security guardrails into version-controlled, testable rules enforced automatically across IaC, Kubernetes, and CI/CD pipelines.
Pulumi security scanning best practices
Pulumi programs run as real code with live cloud credentials -- here's how to secure state files, dependencies, CrossGuard policy, and CI/CD.
Cloud Security Posture Management (CSPM) explained
CSPM explained: what it checks, why Gartner created the category in 2019, how it differs from CWPP/CNAPP, and why raw findings alone don't stop breaches.
Applying CIS Benchmarks to cloud infrastructure
CIS Benchmarks turn "be secure" into testable checks for AWS, Azure, and GCP — here's how to move from annual audit to continuous enforcement.
Applying least privilege IAM in cloud-native environments
Least privilege IAM fails in practice because permissions are granted for convenience and rarely revoked. Here's how to fix that at cloud scale.
Securing managed Kubernetes clusters with IaC scanning
IaC scanning catches Kubernetes RBAC, network, and IAM misconfigurations in Terraform and Helm before they ever reach EKS, GKE, or AKS clusters.
Best CNAPP Platforms in 2026: An Honest Buyer's Guide
An honest, opinionated guide to the best CNAPP platforms in 2026 — Wiz, Prisma Cloud, Microsoft Defender for Cloud, CrowdStrike, Aqua, Orca, and Sysdig — plus where the cloud-native security category is heading on AI-SPM, runtime, and supply chain.
Container registries explained: Docker Hub vs private/ent...
Docker Hub vs. private/enterprise registries explained, with a look at where JFrog Artifactory fits — and why registry choice alone doesn't solve supply chain security.
Microsoft's durabletask PyPI Package Compromised (19 May 2026): A Linux Wiper and Multi-Cloud Credential Theft
On 19 May 2026, three malicious versions of Microsoft's durabletask PyPI package were uploaded in a 35-minute window. The payload steals AWS, Azure, GCP, and Kubernetes credentials in under four seconds and ships a locale-gated rm -rf wiper.
CNAPP Security: What It Actually Covers
CNAPP bundles CSPM, CWPP, and vulnerability scanning under one label, but the exact scope varies widely by vendor — here's what a genuine CNAPP platform actually needs to cover.
FedRAMP authorization for cloud service providers explained
A concrete walkthrough of FedRAMP authorization for CSPs: impact levels, control counts, timelines, costs, FedRAMP 20x, and continuous monitoring deadlines.