Safeguard
Tag

policy-as-code

Safeguard articles tagged "policy-as-code" — guides, analysis, and best practices for software supply chain and application security.

56 articles

Tools

Checkov 3.2.x Field Review: IaC Scanning in 2026

Bridgecrew's Checkov is still shipping weekly patches in 2026. We ran 3.2.527 against a 38,000-line Terraform monorepo and graded coverage, noise, and CI cost.

May 8, 20266 min read
Infrastructure Security

Snyk and HashiCorp Terraform Cloud partnership

Snyk's HashiCorp Terraform Cloud integration gates IaC risk at plan time — here's what it covers, what it misses, and how reachability closes the gap.

Apr 23, 20266 min read
DevSecOps

CI/CD security and compliance integration

How CI/CD pipelines became the top supply chain attack surface, where scan-only tools like Anchore fall short on compliance evidence, and how Safeguard unifies both.

Mar 26, 20267 min read
Infrastructure Security

What is Policy as Code

Policy as code turns security and compliance rules into version-controlled, testable code enforced automatically in CI/CD, admission control, and runtime.

Mar 12, 20268 min read
DevSecOps

What is Security as Code

Security as code turns policies and controls into version-controlled, pipeline-enforced rules. Here's what it looks like, why it matters, and how to adopt it.

Mar 7, 20267 min read
Container Security

How to set up OPA Gatekeeper for Kubernetes admission con...

A step-by-step guide to OPA Gatekeeper Kubernetes admission control: install, write constraint templates, roll out safely, and verify enforcement.

Feb 8, 20267 min read
Buyer's Guides

Best Terraform security and compliance tools

A practical, no-hype comparison of Terraform security tools — Checkov, tfsec/Trivy, Terrascan, Sentinel, Snyk IaC, and more — plus how Safeguard fits in.

Nov 16, 20258 min read
Buyer's Guides

Best policy-as-code enforcement tools

A practical buyer's guide to policy as code tools -- OPA, Kyverno, Sentinel, Checkov, InSpec, and Styra -- with honest strengths, limits, and evaluation criteria.

Nov 12, 20258 min read
Buyer's Guides

Best Kubernetes admission control tools

A practical comparison of Kubernetes admission control tools — OPA/Gatekeeper, Kyverno, Kubewarden, Styra, jsPolicy, and Polaris — with real strengths, limits, and evaluation criteria.

Nov 12, 20258 min read
Containers

Writing a Container Security Policy That Actually Holds

Most container security policies get written once, ignored during the next sprint, and rediscovered during an audit — here's how to write one that engineers actually follow.

Nov 3, 20255 min read
Container Security

How Snyk Container's exclude and allow policies reduce no...

Snyk Container's exclude and allow policies scope ignore rules to specific paths and layers, filtering base-image noise without hiding real application risk.

Sep 3, 20257 min read
Cloud Security

How Snyk IaC's static analysis engine parses Terraform HC...

A technical walkthrough of how Snyk IaC parses Terraform HCL into JSON, evaluates it with OPA/Rego policies, and maps violations back to source lines.

Sep 3, 20257 min read
policy-as-code (Page 4) — Safeguard Blog