gcp-security
Safeguard articles tagged "gcp-security" — guides, analysis, and best practices for software supply chain and application security.
6 articles
GCP IAM Best Practices: Least Privilege on Google Cloud
Principle-driven Google Cloud IAM guidance: avoiding primitive roles, service account hygiene, Workload Identity Federation, the IAM Recommender, and inheritance — with gcloud and Terraform examples.
GCP Security Best Practices for 2026
A hands-on Google Cloud hardening guide: resource hierarchy and Organization Policy, least-privilege IAM, VPC Service Controls, CMEK, and Security Command Center — with Terraform and gcloud examples.
Managing and securing GCP service account keys
A practical, step-by-step guide to GCP service account key security: disable key creation, adopt impersonation, rotate remaining keys, and monitor for misuse.
What Software Delivery Shield does for end-to-end supply ...
A breakdown of what Google Cloud's Software Delivery Shield actually does — SLSA provenance, SBOM generation, Binary Authorization — and where its coverage gaps still leave supply chains exposed.
Securing Cloud Build pipelines and generating SLSA proven...
How to secure Cloud Build supply chain security with least-privilege service accounts and SLSA provenance so tampered builds never reach production.
Using VPC Service Controls to prevent secret exfiltration...
VPC Service Controls create a hard perimeter around Secret Manager, blocking exfiltration even when credentials are compromised or IAM is misconfigured.