Safeguard
Tag

policy-as-code

Safeguard articles tagged "policy-as-code" — guides, analysis, and best practices for software supply chain and application security.

56 articles

Container Security

Kubernetes Admission Controllers for Security

Admission controllers are the policy chokepoint between a validated API request and a running workload. Used well, they enforce your entire security posture. Here is how validating webhooks, Kyverno, OPA, and the new CEL-based policies fit together.

Jul 7, 20265 min read
Cloud Security

Why You Need a Kubernetes Admission Controller

RBAC decides who can call the Kubernetes API — it has no concept of what a pod spec contains, which is why privileged containers still slip through into clusters every day.

Jul 7, 20266 min read
DevSecOps

Foundations for adopting AI coding tools securely in an engineering org

One engineering team cut critical vulnerability remediation from a week to 24 hours after wiring security checks into AI coding tools at the moment of code generation.

Jul 7, 20268 min read
DevSecOps

Policy as Code for Security: A Practical Guide

When your security rules live in a wiki, they are advice. When they live in version-controlled code the pipeline enforces, they are controls. Here is how to move security policy into code that actually runs.

Jul 4, 20266 min read
DevSecOps

Security Gates in CI/CD: How to Block Risk Without Blocking Delivery

A security gate that fails every build gets disabled by Friday. Here is how to design CI/CD security gates that stop real risk, stay fast, and keep developers on your side.

Jul 2, 20266 min read
Solutions

Software Supply Chain Security for Platform Engineers

Platform engineers turn security from a request into a default. Here is how to build supply chain guardrails into the paved road so the secure path is also the fast one.

Jul 1, 20266 min read
Infrastructure Security

Terraform Cloud security integration guide

A practical breakdown of Terraform Cloud security: state file exposure, Sentinel/OPA policy gaps, Run Tasks trust risks, and drift monitoring.

Jun 19, 20267 min read
Infrastructure Security

Introduction to Open Policy Agent and Rego

A concrete walkthrough of Open Policy Agent and Rego — how OPA evaluates decisions, a runnable policy example, and where it fits in supply chain security.

Jun 18, 20268 min read
Infrastructure Security

Policy as code for cloud security guardrails

Policy as code turns cloud security guardrails into version-controlled, testable rules enforced automatically across IaC, Kubernetes, and CI/CD pipelines.

Jun 18, 20266 min read
Infrastructure Security

Pulumi security scanning best practices

Pulumi programs run as real code with live cloud credentials -- here's how to secure state files, dependencies, CrossGuard policy, and CI/CD.

Jun 17, 20267 min read
DevSecOps

Policy-as-code for CI/CD: enforcing security gates withou...

How policy-as-code turns security gates from build-breaking friction into fast, git-versioned CI/CD checks — and where Safeguard's approach differs from JFrog's Xray and Curation model.

May 28, 20268 min read
Cloud Security

When Configuration Is the Vulnerability: Microsoft's May 2026 Look at Exposed AI Apps on Kubernetes

Microsoft's May 14, 2026 research found AI frameworks shipping Helm charts that expose web UIs on internet-facing LoadBalancers with no authentication and cluster-admin service accounts. Mage AI on port 6789 was the headline, but it was far from alone.

May 15, 202613 min read
policy-as-code (Page 3) — Safeguard Blog