service-accounts
Safeguard articles tagged "service-accounts" — guides, analysis, and best practices for software supply chain and application security.
5 articles
GCP IAM security best practices
GCP IAM misconfigurations, not exploits, cause most cloud breaches. Here is how to enforce least privilege, lock down service accounts, and audit access.
Confused Deputy Attacks on CI/CD Service Accounts
Build systems hold broad trust and tight deadlines, which makes them perfect confused deputies. Here is how the attack pattern shows up in modern CI/CD and how to defang it.
K8s RBAC Blast Radius in Supply Chain Attacks
How Kubernetes RBAC determines what a supply chain attack can actually do once a compromised workload runs, and the RBAC patterns that meaningfully reduce blast radius.
How to implement least privilege for GCP service accounts
A step-by-step guide to auditing, scoping, and enforcing least privilege service accounts GCP-wide — including key rotation and IAM audit workflows.
Applying least-privilege principles to GCP IAM roles
Predefined roles, custom roles, IAM Recommender, and service account hygiene: a practical guide to applying GCP IAM least privilege without breaking production.