Safeguard
Tag

verification

Safeguard articles tagged "verification" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Regulatory Compliance

OWASP ASVS 5.0 Adoption Guide

OWASP ASVS 5.0 restructured the verification levels and added new requirements for modern stacks. A practical adoption guide for teams using ASVS as their security baseline.

Jun 3, 20256 min read
SBOM & Compliance

Provenance Attestation Consumer Workflow

Generating provenance is half the story. Consuming it correctly, at the right points in the pipeline, is where the security value actually materialises.

Nov 20, 20247 min read
Open Source Security

How to Verify a PyPI Package Before Install

A practical pre-install verification workflow for PyPI packages covering sigstore attestations, maintainer checks, and sdist auditing.

Dec 5, 20235 min read
Software Supply Chain Security

Maven Plugin Verification: Trusting Your Build-Time Dependencies

Maven plugins execute during your build with full system access. Verifying them is harder than verifying runtime dependencies, and most teams skip it.

Apr 15, 20234 min read
Software Supply Chain Security

Software Update Signing and Verification: Getting It Right

Signed updates are table stakes for software distribution. But the signing and verification process has pitfalls that undermine the entire security model.

Nov 8, 20225 min read
Build Security

Build Reproducibility: A Verification Guide

If you cannot reproduce a build bit-for-bit, you cannot verify it was not tampered with. This guide covers deterministic builds, reproducibility verification, and why it matters for supply chain trust.

Oct 25, 20227 min read
DevSecOps

Reproducible Builds: The Gold Standard for Supply Chain Integrity

If you can't rebuild a binary from source and get the same result, you can't verify that the binary matches the source. Reproducible builds close this fundamental trust gap.

Aug 1, 20228 min read
DevSecOps

Sigstore and Cosign: Software Signing for the Rest of Us

Sigstore makes software signing accessible by eliminating the pain of key management. Here's how Cosign, Fulcio, and Rekor work together to verify software integrity.

Oct 25, 20216 min read
verification — Safeguard Blog