Infisical: An Open-Source Secrets Platform Review
A senior engineer's assessment of Infisical as a self-hostable secrets platform, covering architecture, operational posture, and where it fits in 2024.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Rails application templates are powerful and dangerous: how they execute, what they can touch, and how to use them safely for new-project scaffolding.
Rotation is the Key Vault feature most teams nominally have and few actually operate. A walk through the patterns that work for secrets, keys, and certificates at scale.
A practical TPRM program for software vendors covering intake, tiering, annual review, SBOM ingestion, and continuous monitoring with staffing ratios and budgets.
Forensic procedures for a developer workstation that may have executed a malicious package, from live triage through full imaging.
AppConfig ships configuration changes to running applications in seconds. That makes it a powerful tool and a compelling target. Here is how to run AppConfig safely.
The supply-chain risks unique to GCP Cloud Functions: dependency resolution at deploy time, buildpack trust, runtime identity, and the audit trail the service does and does not give you.
A practical, hour-by-hour forensics playbook for responding to software supply chain incidents, from first alert through root cause and disclosure.
From SECRET_KEY hygiene to middleware ordering, the Django security checklist worth actually following in 2024, grounded in real CVEs and production incidents.