Safeguard
Tag

migration

Safeguard articles tagged "migration" — guides, analysis, and best practices for software supply chain and application security.

12 articles

Tools

tfsec to Trivy IaC: 2026 Migration Playbook

tfsec has been folded into Trivy for over a year and Aqua has stopped feature work on tfsec. We migrated three platforms in 2026 and documented what actually breaks.

Mar 26, 20266 min read
SBOM

CycloneDX 1.7 Migration Guide From 1.5

A practical migration path from CycloneDX 1.5 to 1.7 covering schema changes, machine learning BOM additions, formulation, and the tooling adjustments required.

Mar 22, 20265 min read
Software Supply Chain Security

Post-Quantum Cryptography Migration for Software Supply Chains

NIST finalized ML-KEM, ML-DSA, and SLH-DSA in 2024. Here's what it means for Sigstore, package registry signing, TLS, and the harvest-now-decrypt-later problem.

Feb 28, 20267 min read
Tools

Cosign v3.0 Migration Guide for Production Teams

Sigstore Cosign v3.0 flips four behaviours to defaults: bundle format, trusted root, signing config, and statement-based attestations. Here's a clean upgrade plan.

Feb 25, 20265 min read
Best Practices

Data Pipeline Platform Migration Security

Moving from one orchestration platform to another surfaces hidden trust relationships. A security-first migration plan for Airflow, Dagster, and Prefect transitions.

Dec 22, 20247 min read
Best Practices

Rust Edition Migration Security Notes

Field notes from migrating a production workspace from Rust 2018 to 2021, and what to watch for when 2024 lands in edition transitions.

Jun 8, 20247 min read
SBOM & Compliance

Migrating SBOM Tooling Providers

A practical field guide to switching SBOM tooling vendors without losing historical data, breaking compliance reports, or annoying the auditors.

May 18, 20248 min read
DevSecOps

Migrating Jenkins to GitHub Actions: Security

A case study in moving a sprawling Jenkins estate to GitHub Actions without losing supply chain visibility, artifact integrity, or developer trust.

Apr 15, 20247 min read
Emerging Technology

Post-Quantum Cryptography Transition: A Practical Guide for Engineering Teams

NIST has finalized its post-quantum standards. Here's a hands-on guide for engineering teams beginning the migration from classical to quantum-resistant cryptography.

Mar 22, 20245 min read
Container Security

VM to Container: Supply Chain Implications of the Migration

What changes in your software supply chain when you move from virtual machines to containers, and how to adapt governance, scanning, and provenance accordingly.

Mar 8, 20247 min read
Application Security

Security Considerations When Migrating from Monolith to Microservices

Decomposing a monolith into microservices changes the attack surface fundamentally. The security model that worked for the monolith will not work for the distributed system.

Nov 18, 20237 min read
Dependency Management

Managing End-of-Life Software Dependencies

Every dependency eventually reaches end of life. Here is a practical framework for identifying, tracking, and migrating away from EOL software before it becomes a security liability.

Jun 22, 20227 min read
migration — Safeguard Blog