Safeguard
Tag

cloud-security

Safeguard articles tagged "cloud-security" — guides, analysis, and best practices for software supply chain and application security.

290 articles

Infrastructure Security

Scanning AWS CloudFormation templates for misconfigurations

CloudFormation deploys exactly what you write, misconfigurations included. Here's how scanning catches IAM, S3, and security group errors before they ship.

Jun 18, 20267 min read
Infrastructure Security

Policy as code for cloud security guardrails

Policy as code turns cloud security guardrails into version-controlled, testable rules enforced automatically across IaC, Kubernetes, and CI/CD pipelines.

Jun 18, 20266 min read
Infrastructure Security

Pulumi security scanning best practices

Pulumi programs run as real code with live cloud credentials -- here's how to secure state files, dependencies, CrossGuard policy, and CI/CD.

Jun 17, 20267 min read
Infrastructure Security

Cloud Security Posture Management (CSPM) explained

CSPM explained: what it checks, why Gartner created the category in 2019, how it differs from CWPP/CNAPP, and why raw findings alone don't stop breaches.

Jun 17, 20267 min read
Infrastructure Security

Applying CIS Benchmarks to cloud infrastructure

CIS Benchmarks turn "be secure" into testable checks for AWS, Azure, and GCP — here's how to move from annual audit to continuous enforcement.

Jun 16, 20268 min read
Infrastructure Security

Applying least privilege IAM in cloud-native environments

Least privilege IAM fails in practice because permissions are granted for convenience and rarely revoked. Here's how to fix that at cloud scale.

Jun 15, 20267 min read
Infrastructure Security

Securing managed Kubernetes clusters with IaC scanning

IaC scanning catches Kubernetes RBAC, network, and IAM misconfigurations in Terraform and Helm before they ever reach EKS, GKE, or AKS clusters.

Jun 15, 20267 min read
Buyer's Guides

Best CNAPP Platforms in 2026: An Honest Buyer's Guide

An honest, opinionated guide to the best CNAPP platforms in 2026 — Wiz, Prisma Cloud, Microsoft Defender for Cloud, CrowdStrike, Aqua, Orca, and Sysdig — plus where the cloud-native security category is heading on AI-SPM, runtime, and supply chain.

Jun 7, 20268 min read
Cloud Security

Container registries explained: Docker Hub vs private/ent...

Docker Hub vs. private/enterprise registries explained, with a look at where JFrog Artifactory fits — and why registry choice alone doesn't solve supply chain security.

May 31, 20268 min read
Supply Chain Attacks

Microsoft's durabletask PyPI Package Compromised (19 May 2026): A Linux Wiper and Multi-Cloud Credential Theft

On 19 May 2026, three malicious versions of Microsoft's durabletask PyPI package were uploaded in a 35-minute window. The payload steals AWS, Azure, GCP, and Kubernetes credentials in under four seconds and ships a locale-gated rm -rf wiper.

May 20, 202610 min read
Cloud Security

CNAPP Security: What It Actually Covers

CNAPP bundles CSPM, CWPP, and vulnerability scanning under one label, but the exact scope varies widely by vendor — here's what a genuine CNAPP platform actually needs to cover.

May 14, 20264 min read
Compliance

FedRAMP authorization for cloud service providers explained

A concrete walkthrough of FedRAMP authorization for CSPs: impact levels, control counts, timelines, costs, FedRAMP 20x, and continuous monitoring deadlines.

May 11, 20267 min read
cloud-security (Page 8) — Safeguard Blog