policy-as-code
Safeguard articles tagged "policy-as-code" — guides, analysis, and best practices for software supply chain and application security.
56 articles
Kubernetes Admission Controllers for Security
Admission controllers are the policy chokepoint between a validated API request and a running workload. Used well, they enforce your entire security posture. Here is how validating webhooks, Kyverno, OPA, and the new CEL-based policies fit together.
Why You Need a Kubernetes Admission Controller
RBAC decides who can call the Kubernetes API — it has no concept of what a pod spec contains, which is why privileged containers still slip through into clusters every day.
Foundations for adopting AI coding tools securely in an engineering org
One engineering team cut critical vulnerability remediation from a week to 24 hours after wiring security checks into AI coding tools at the moment of code generation.
Policy as Code for Security: A Practical Guide
When your security rules live in a wiki, they are advice. When they live in version-controlled code the pipeline enforces, they are controls. Here is how to move security policy into code that actually runs.
Security Gates in CI/CD: How to Block Risk Without Blocking Delivery
A security gate that fails every build gets disabled by Friday. Here is how to design CI/CD security gates that stop real risk, stay fast, and keep developers on your side.
Software Supply Chain Security for Platform Engineers
Platform engineers turn security from a request into a default. Here is how to build supply chain guardrails into the paved road so the secure path is also the fast one.
Terraform Cloud security integration guide
A practical breakdown of Terraform Cloud security: state file exposure, Sentinel/OPA policy gaps, Run Tasks trust risks, and drift monitoring.
Introduction to Open Policy Agent and Rego
A concrete walkthrough of Open Policy Agent and Rego — how OPA evaluates decisions, a runnable policy example, and where it fits in supply chain security.
Policy as code for cloud security guardrails
Policy as code turns cloud security guardrails into version-controlled, testable rules enforced automatically across IaC, Kubernetes, and CI/CD pipelines.
Pulumi security scanning best practices
Pulumi programs run as real code with live cloud credentials -- here's how to secure state files, dependencies, CrossGuard policy, and CI/CD.
Policy-as-code for CI/CD: enforcing security gates withou...
How policy-as-code turns security gates from build-breaking friction into fast, git-versioned CI/CD checks — and where Safeguard's approach differs from JFrog's Xray and Curation model.
When Configuration Is the Vulnerability: Microsoft's May 2026 Look at Exposed AI Apps on Kubernetes
Microsoft's May 14, 2026 research found AI frameworks shipping Helm charts that expose web UIs on internet-facing LoadBalancers with no authentication and cluster-admin service accounts. Mage AI on port 6789 was the headline, but it was far from alone.