Safeguard
Tag

hardening

Safeguard articles tagged "hardening" — guides, analysis, and best practices for software supply chain and application security.

23 articles

Application Security

The most common Spring Boot security misconfigurations, and how to fix them

CVE-2026-40976 let anonymous users hit /actuator/env and /actuator/heapdump on default Spring Boot 4 filter chains, CVSS 9.1 — here's how to actually harden Spring Boot.

Jul 8, 20266 min read
Security Guides

OWASP A05: Security Misconfiguration — A Deep-Dive Guide

Security Misconfiguration ranks #5 in the OWASP Top 10 (2021) and absorbed XXE. A deep dive into defaults, exposed services, real CVEs, and how to fix them.

Jul 3, 20266 min read
Container Security

Pod Security Standards: The Complete Guide

PodSecurityPolicy is gone. Pod Security Admission and the three Pod Security Standards are how you enforce baseline and restricted profiles in modern Kubernetes — here is how to adopt them without breaking workloads.

Jul 3, 20265 min read
DevSecOps

Azure DevOps Pipeline Supply Chain Hardening 2026

A 2026 hardening guide for Azure DevOps Pipelines: service connections, workload identity federation, approval gates, agent isolation, and SLSA integration.

May 6, 20265 min read
Guides

How to Harden a Dockerfile in 10 Practical Steps

Ten concrete Dockerfile changes — digest pinning, multi-stage builds, non-root users, BuildKit secrets, SBOM attestations — that remove whole classes of container risk.

Apr 20, 20266 min read
DevSecOps

Drone CI Supply Chain Hardening 2026

A 2026 hardening guide for Drone CI: plugin trust, runner isolation, signed pipelines, secret scoping, and integrating Drone with SLSA and sigstore.

Apr 19, 20266 min read
Container Security

Container Registry Security Hardening Checklist for 2026

A concrete hardening checklist for container registries in 2026, covering authentication, signing, scanning, retention, and the operational details that actually matter.

Apr 2, 20265 min read
DevSecOps

Jenkins Supply Chain Security Baseline 2026

A 2026 supply chain security baseline for Jenkins: plugin hygiene, agent isolation, Pipeline-as-Code discipline, credentials, and provenance integration.

Mar 28, 20266 min read
DevSecOps

GitLab CI Supply Chain Hardening Checklist 2026

A 2026 hardening checklist for GitLab CI: ID tokens, protected branches, runner isolation, included templates, and the controls that actually shrink blast radius.

Mar 19, 20265 min read
DevSecOps

GitHub Actions Supply Chain Hardening Checklist 2026

A pragmatic 2026 hardening checklist for GitHub Actions: OIDC, pinned actions, environment protection, reusable workflows, and the controls that actually move risk.

Mar 12, 20265 min read
Compliance

CIS Benchmarks

A precise definition of CIS Benchmarks, how they differ from CIS Controls, and what compliance scanning against them looks like in real environments.

Feb 23, 20267 min read
DevSecOps

Container Hardening Guide 2025: From Base Image to Production

A practical guide to hardening container images and deployments. Covers base image selection, build-time security, runtime protections, and Kubernetes-specific controls.

May 5, 20256 min read
hardening — Safeguard Blog