Policy
Safeguard articles tagged "Policy" — guides, analysis, and best practices for software supply chain and application security.
23 articles
How to Set Up a Vulnerability Policy Gate
Define a written, version-controlled policy for which vulnerabilities block a release, enforce it consistently across CLI and CI, and manage time-boxed exceptions without an allowlist that lives forever.
How to Add Security Scanning to Your CI/CD Pipeline
Wire dependency, container, and secret scanning into GitHub Actions or GitLab CI as a required check that blocks risky merges — with working workflow files and sensible thresholds.
Ransomware vs. Hospitals: The 2026 Healthcare Surge and the Push to Call It Terrorism
Healthcare ransomware dipped in volume in May 2026 but kept climbing in impact, and a former FBI cyber chief is asking Congress to treat hospital ransomware as terrorism. We weigh the policy debate against what actually protects patients.
GCP Binary Authorization Enforcement Runbook 2026
A practical 2026 runbook for enforcing GCP Binary Authorization in production, including attestation pipelines, break-glass procedures, and rollout sequencing.
Kyverno vs OPA Gatekeeper: A Buyer Comparison for 2026
A practical comparison of Kyverno 1.13 and OPA Gatekeeper 3.18 for Kubernetes policy enforcement, covering language, performance, ecosystem, and operational fit.
Getting Started: Safeguard GitHub Actions Gate
Set up the Safeguard GitHub Action to block risky pull requests on dependency vulnerabilities, license violations, and policy breaches before merge.
Kubernetes Admission Controller Policy Patterns in 2026
A field guide to the admission control patterns that survived contact with production clusters: validating webhooks, image policy, mutating defaults, and what to skip.
Safeguard Policy Evaluation Engine
How Safeguard's policy engine evaluates thousands of rules per artifact with predictable latency — the compiler, the cache layer, and the decision trail.
Git Hooks as Supply Chain Controls in 2026
Server-side and client-side git hooks are an underused control surface for supply chain risk. Here is what to enforce, where to enforce it, and what to leave alone.
K8s Admission Controllers for Supply Chain Policy
How to design Kubernetes admission controllers that enforce supply chain policy without turning every deploy into a 30-minute argument with the cluster.
Service Mesh for Supply Chain Policy Enforcement
Using Istio, Linkerd, and Cilium service mesh to enforce signed-artifact, SPIFFE identity, and provenance-aware policy in production clusters.
OpenAI Preparedness Framework v2: April 2025 Update
OpenAI released Preparedness Framework v2 on April 15, 2025 with sharper thresholds, an AI self-improvement category, and clearer disclosure requirements. We unpack the operational changes.