Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
OpenShift Pipelines (Tekton) plus Sigstore gives you keyless signing inside a regulated cluster. The integration patterns are subtle. We map the ones that survive audit.
After November and December 2025 outages, Cloudflare declared Code Orange and shipped a Health Mediated Deployment system, break-glass dependency audits, and graceful-degradation rewrites.
Artifact Analysis on Artifact Registry produces a steady stream of findings. The discipline is in what you do with them. We map the workflows that actually reduce risk.
A ClickHouse permissions change caused Cloudflare's Bot Management feature file to balloon past a hard-coded proxy limit, taking the core network down for two hours and ten minutes.
AWS Security Bulletin AWS-2025-004 disclosed an input validation flaw in Temporary Elevated Access Management that let users forge approvals. Here's what changed and how to harden TEAM 1.2.2.
Wiz documented active exploitation of Pandoc CVE-2025-51591 to reach the AWS IMDS through iframe rendering. Here is the kill chain and the production controls that contained it.
AWS published Security Bulletin AWS-2025-021 warning that EC2 instances may interact with unexpected AWS accounts through the Instance Metadata Service. Here is the technical impact and the IMDSv2 enforcement plan.
CNAPP has become the dominant category in cloud security. But the label covers wildly different capabilities. A clear-eyed look at what CNAPPs do, where they fall short, and how supply chain security fits in.
Static analysis catches known vulnerabilities. Runtime detection catches exploitation. Here is how to implement runtime threat detection for containerized workloads.
Weekly insights on software supply chain security, delivered to your inbox.