google-cloud
Safeguard articles tagged "google-cloud" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Automating Security Controls on Google Cloud
Binary Authorization can block every unsigned container from reaching GKE or Cloud Run — but only if your pipeline is wired to sign images the moment they pass scanning.
GCP IAM security best practices
GCP IAM misconfigurations, not exploits, cause most cloud breaches. Here is how to enforce least privilege, lock down service accounts, and audit access.
Automating secret rotation in Google Cloud Secret Manager
A practical guide to automating GCP Secret Manager rotation—covering versioning, Cloud Functions, Cloud Scheduler, and rotating database credentials safely.
Applying least-privilege principles to GCP IAM roles
Predefined roles, custom roles, IAM Recommender, and service account hygiene: a practical guide to applying GCP IAM least privilege without breaking production.
Best practices for managing encryption keys with Google C...
A step-by-step guide to Cloud KMS best practices: key hierarchy, IAM scoping, envelope encryption, automated rotation, HSM protection levels, and audit logging.
How Container Threat Detection identifies runtime attacks...
How Container Threat Detection GCP watches GKE kernels for reverse shells, added binaries, and privilege escalation—and why runtime signals catch what image scanning can't.