Safeguard
Tag

serverless

Safeguard articles tagged "serverless" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Cloud Security

Azure Functions extensions as a supply chain entry point in 2026

Binding extensions and isolated worker SDK packages run with the function's managed identity. Here is how to evaluate and gate them in 2026.

May 12, 20267 min read
Cloud Security

AWS Lambda Layers as a supply chain trust surface in 2026

Lambda Layers feel like a packaging convenience, but org-shared and public layers carry code that runs with your function's IAM role. Here is the 2026 control set.

May 12, 20267 min read
Cloud Security

IBM Cloud Code Engine: A Supply Chain Defender's Walkthrough

Code Engine abstracts away Kubernetes for Knative-style serverless workloads on IBM Cloud. The supply chain story is different from what most defenders bring from AWS or GCP.

Feb 4, 20268 min read
Container Security

Firecracker micro-VM Security Model

AWS built Firecracker to run Lambda. The security model is the entire value proposition, and it holds up under scrutiny.

Jun 28, 20246 min read
Best Practices

AWS Lambda Layers: Supply Chain Risks

Lambda layers feel like a convenience but they are a supply chain attack surface that most teams do not treat as code. Here is how they get abused and what to do about it.

Mar 18, 20247 min read
Best Practices

Azure Functions Supply Chain Security

Azure Functions hide a surprising amount of supply chain risk — Oryx builds, run-from-package, extension bundles, and the way deployment slots interact with identity.

Mar 12, 20248 min read
DevSecOps

AWS SAM Template Security Considerations

SAM templates look simple and that is exactly the problem. The defaults are generous, the transforms are opaque, and the resulting stacks are often more privileged than anyone intended.

Feb 28, 20247 min read
Cloud Security

Serverless Security: Supply Chain Risks in Lambda, Cloud Functions, and Azure Functions

Serverless architectures shift the attack surface from infrastructure to application dependencies. This guide covers the unique supply chain risks of serverless and how to address them.

May 18, 20237 min read
SBOM

SBOMs for Serverless Applications: What Changes and What Doesn't

Serverless doesn't mean dependency-free. Here's how to generate and manage SBOMs for Lambda functions, Azure Functions, and Cloud Functions.

Feb 12, 20236 min read
serverless — Safeguard Blog