gcp
Safeguard articles tagged "gcp" — guides, analysis, and best practices for software supply chain and application security.
39 articles
Cloud Marketplace Listings Supply Chain Due Diligence
AWS, Azure, and GCP marketplaces ship software into your account in minutes. The due diligence has not kept pace. This is the 2026 buyer's checklist.
CloudFormation, Bicep, Terraform Supply Chain Evidence
IaC frameworks differ in how they generate supply chain evidence. This is the 2026 guide to audit-ready proof from CloudFormation, Bicep, and Terraform.
GCP Binary Authorization Attestation Verifier: Production Patterns
Binary Authorization in 2026 moved from breakglass-heavy gatekeeping to attestation-driven trust. We unpack how to design verifiers that scale across teams and clusters.
Multi-Cloud Software Supply Chain Abstractions
Running supply chain controls across AWS, Azure, and GCP means picking the right abstractions. Here is which ones hold up and which ones you will regret.
Cloud Supply Chain Security Across AWS, Azure, and GCP
Each major cloud provider approaches supply chain security differently. Here's a practical comparison and what it means for multi-cloud organizations.
GCP Artifact Analysis API for Vulnerability Triage
GCP's Artifact Analysis API is the most direct way to get scan results into your triage tooling. Here is how to use it without drowning your team.
GCP Cloud Build + Workload Identity Federation
Workload Identity Federation is the right way to give Cloud Build and external CI access to GCP. Here is the architecture, the traps, and the rollout plan.
GCP Artifact Registry Vulnerability Scanning: Integrating the Findings
Artifact Analysis on Artifact Registry produces a steady stream of findings. The discipline is in what you do with them. We map the workflows that actually reduce risk.
Enforcing signed and attested container images with Binar...
A step-by-step guide to enforcing signed, attested container images in GKE with Binary Authorization — from attestor setup to policy enforcement and troubleshooting.
Using GCP organization policy constraints to enforce secu...
GCP organization policy security constraints turn security intent into enforceable guardrails across your resource hierarchy, closing gaps IAM alone cannot.
Implementing keyless container image signing with Cosign ...
A hands-on guide to Cosign keyless signing GCP setups with Sigstore, Workload Identity Federation, and Cloud Build — sign and verify images with no key management.
Comparing IAM models across AWS, Azure, and GCP
A practical AWS vs Azure vs GCP IAM comparison of native controls, evaluation criteria, real vendor tools, and where third-party solutions fit in.