Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1053 articles

Container Security

Enforcing signed and attested container images with Binar...

A step-by-step guide to enforcing signed, attested container images in GKE with Binary Authorization — from attestor setup to policy enforcement and troubleshooting.

Jan 12, 20268 min read
Vulnerability Analysis

Alibaba fastjson deserialization RCE (CVE-2022-25845)

A critical AutoType-bypass RCE in Alibaba fastjson (CVSS 9.8, EPSS ~99th pct) hits any app parsing untrusted JSON. Here's how to detect and fix it.

Jan 11, 20267 min read
Cloud Security

Managing and securing GCP service account keys

A practical, step-by-step guide to GCP service account key security: disable key creation, adopt impersonation, rotate remaining keys, and monitor for misuse.

Jan 11, 20268 min read
Cloud Security

What Software Delivery Shield does for end-to-end supply ...

A breakdown of what Google Cloud's Software Delivery Shield actually does — SLSA provenance, SBOM generation, Binary Authorization — and where its coverage gaps still leave supply chains exposed.

Jan 11, 20267 min read
Vulnerability Analysis

Apache Commons Collections deserialization gadget RCE (CVE-2015-7501)

A decade-old Apache Commons Collections deserialization gadget chain still enables unauthenticated RCE across legacy Java middleware. Here's how to find and fix it.

Jan 11, 20268 min read
SBOM

Generating SBOMs and provenance with GCP Artifact Analysis

A step-by-step guide to GCP SBOM generation using Artifact Analysis: scan container images, export SPDX/CycloneDX SBOMs, and attach SLSA provenance attestations.

Jan 11, 20267 min read
Vulnerability Analysis

OpenSSL BN_mod_sqrt infinite loop DoS (CVE-2022-0778)

CVE-2022-0778 lets attackers hang OpenSSL with a single malformed certificate. Here's the impact, affected versions, and how to remediate fast.

Jan 10, 20267 min read
Industry Analysis

The State of SBOM Adoption in 2026: Progress, Gaps, and Reality

SBOM adoption has grown rapidly, but maturity varies wildly. Here's where the industry actually stands heading into 2026.

Jan 10, 20266 min read
Cloud Security

Using GCP organization policy constraints to enforce secu...

GCP organization policy security constraints turn security intent into enforceable guardrails across your resource hierarchy, closing gaps IAM alone cannot.

Jan 10, 20268 min read
DevSecOps

Securing Cloud Build pipelines and generating SLSA proven...

How to secure Cloud Build supply chain security with least-privilege service accounts and SLSA provenance so tampered builds never reach production.

Jan 10, 20267 min read
Container Security

Comparing security models of GKE Autopilot versus Standar...

GKE Autopilot security vs Standard clusters draw the shared-responsibility line very differently. Here's what changes for pod security and hardening.

Jan 9, 20267 min read
Vulnerability Analysis

runc container escape via file descriptor overwrite (CVE-2019-5736)

CVE-2019-5736 let malicious containers overwrite the host runc binary and gain root — here's the mechanism, affected versions, and how to remediate it.

Jan 9, 20267 min read
supply-chain-security (Page 53) — Safeguard Blog