Safeguard
Tag

Policy

Safeguard articles tagged "Policy" — guides, analysis, and best practices for software supply chain and application security.

23 articles

Tutorials

How to Set Up a Vulnerability Policy Gate

Define a written, version-controlled policy for which vulnerabilities block a release, enforce it consistently across CLI and CI, and manage time-boxed exceptions without an allowlist that lives forever.

Jul 6, 20265 min read
Tutorials

How to Add Security Scanning to Your CI/CD Pipeline

Wire dependency, container, and secret scanning into GitHub Actions or GitLab CI as a required check that blocks risky merges — with working workflow files and sensible thresholds.

Jul 3, 20266 min read
Threat Intelligence

Ransomware vs. Hospitals: The 2026 Healthcare Surge and the Push to Call It Terrorism

Healthcare ransomware dipped in volume in May 2026 but kept climbing in impact, and a former FBI cyber chief is asking Congress to treat hospital ransomware as terrorism. We weigh the policy debate against what actually protects patients.

Jun 20, 20267 min read
Cloud Security

GCP Binary Authorization Enforcement Runbook 2026

A practical 2026 runbook for enforcing GCP Binary Authorization in production, including attestation pipelines, break-glass procedures, and rollout sequencing.

Apr 30, 20265 min read
Tools

Kyverno vs OPA Gatekeeper: A Buyer Comparison for 2026

A practical comparison of Kyverno 1.13 and OPA Gatekeeper 3.18 for Kubernetes policy enforcement, covering language, performance, ecosystem, and operational fit.

Mar 4, 20266 min read
Tutorials

Getting Started: Safeguard GitHub Actions Gate

Set up the Safeguard GitHub Action to block risky pull requests on dependency vulnerabilities, license violations, and policy breaches before merge.

Feb 14, 20267 min read
Container Security

Kubernetes Admission Controller Policy Patterns in 2026

A field guide to the admission control patterns that survived contact with production clusters: validating webhooks, image policy, mutating defaults, and what to skip.

Feb 11, 20266 min read
Architecture

Safeguard Policy Evaluation Engine

How Safeguard's policy engine evaluates thousands of rules per artifact with predictable latency — the compiler, the cache layer, and the decision trail.

Feb 8, 20268 min read
DevSecOps

Git Hooks as Supply Chain Controls in 2026

Server-side and client-side git hooks are an underused control surface for supply chain risk. Here is what to enforce, where to enforce it, and what to leave alone.

Jan 22, 20266 min read
Container Security

K8s Admission Controllers for Supply Chain Policy

How to design Kubernetes admission controllers that enforce supply chain policy without turning every deploy into a 30-minute argument with the cluster.

Jan 13, 20266 min read
Container Security

Service Mesh for Supply Chain Policy Enforcement

Using Istio, Linkerd, and Cilium service mesh to enforce signed-artifact, SPIFFE identity, and provenance-aware policy in production clusters.

May 24, 20255 min read
AI Security

OpenAI Preparedness Framework v2: April 2025 Update

OpenAI released Preparedness Framework v2 on April 15, 2025 with sharper thresholds, an AI self-improvement category, and clearer disclosure requirements. We unpack the operational changes.

Apr 25, 20257 min read
Policy — Safeguard Blog