migration
Safeguard articles tagged "migration" — guides, analysis, and best practices for software supply chain and application security.
12 articles
tfsec to Trivy IaC: 2026 Migration Playbook
tfsec has been folded into Trivy for over a year and Aqua has stopped feature work on tfsec. We migrated three platforms in 2026 and documented what actually breaks.
CycloneDX 1.7 Migration Guide From 1.5
A practical migration path from CycloneDX 1.5 to 1.7 covering schema changes, machine learning BOM additions, formulation, and the tooling adjustments required.
Post-Quantum Cryptography Migration for Software Supply Chains
NIST finalized ML-KEM, ML-DSA, and SLH-DSA in 2024. Here's what it means for Sigstore, package registry signing, TLS, and the harvest-now-decrypt-later problem.
Cosign v3.0 Migration Guide for Production Teams
Sigstore Cosign v3.0 flips four behaviours to defaults: bundle format, trusted root, signing config, and statement-based attestations. Here's a clean upgrade plan.
Data Pipeline Platform Migration Security
Moving from one orchestration platform to another surfaces hidden trust relationships. A security-first migration plan for Airflow, Dagster, and Prefect transitions.
Rust Edition Migration Security Notes
Field notes from migrating a production workspace from Rust 2018 to 2021, and what to watch for when 2024 lands in edition transitions.
Migrating SBOM Tooling Providers
A practical field guide to switching SBOM tooling vendors without losing historical data, breaking compliance reports, or annoying the auditors.
Migrating Jenkins to GitHub Actions: Security
A case study in moving a sprawling Jenkins estate to GitHub Actions without losing supply chain visibility, artifact integrity, or developer trust.
Post-Quantum Cryptography Transition: A Practical Guide for Engineering Teams
NIST has finalized its post-quantum standards. Here's a hands-on guide for engineering teams beginning the migration from classical to quantum-resistant cryptography.
VM to Container: Supply Chain Implications of the Migration
What changes in your software supply chain when you move from virtual machines to containers, and how to adapt governance, scanning, and provenance accordingly.
Security Considerations When Migrating from Monolith to Microservices
Decomposing a monolith into microservices changes the attack surface fundamentally. The security model that worked for the monolith will not work for the distributed system.
Managing End-of-Life Software Dependencies
Every dependency eventually reaches end of life. Here is a practical framework for identifying, tracking, and migrating away from EOL software before it becomes a security liability.