soc2
Safeguard articles tagged "soc2" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Using Reachability To Defend SOC 2 Audit Decisions
An auditor asks why you didn't fix CVE-X. The defensible answer involves reachability evidence. Without it, the conversation gets uncomfortable.
CI/CD Audit Pipeline Checklist 2026
An auditor's checklist for CI/CD pipelines in 2026 covering build provenance, secret management, runner isolation, and the evidence to collect for SOC 2 and FedRAMP.
Software Container Compliance: Meeting Standards Without Slowing Releases
Container compliance means proving your images and runtime meet the controls auditors ask for, continuously, without turning every deploy into a manual review.
SOC 2 Meets SSDF: A Practical Mapping
SOC 2 auditors are starting to ask about secure development practices. Here's how to map NIST SSDF tasks onto SOC 2 Trust Services Criteria without duplicating work.