Open Source Security
Rust Procedural Macros: Security Risks
Proc macros are Rust code that runs at compile time with the privileges of the developer. They are one of the most underexamined pieces of the Rust supply chain.
Oct 28, 20246 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Proc macros are Rust code that runs at compile time with the privileges of the developer. They are one of the most underexamined pieces of the Rust supply chain.
A security engineer's look at Buck2, Meta's open-source build system, including Starlark sandbox properties, remote execution, and actual supply chain guarantees.
A year inside a financial services cloud migration, and how to keep your software supply chain intact when everything else about the environment changes.
CISA releases updated guidance on SBOM sharing practices, addressing the full lifecycle from generation to consumption across supplier and buyer relationships.
dotnet restore is supposed to be deterministic. In practice it is deterministic in ways that matter less and non-deterministic in ways that matter more.
Supply chain risks specific to GraphQL stacks: Apollo, graphql-js, persisted queries, introspection, and transitive risk in gateway federation.
CDK constructs are code that provisions infrastructure. Most teams audit the infrastructure but not the constructs. Here is how to think about construct library security and what to check.
Dagger programmatic pipelines offer genuine supply chain benefits when used well. Here are the patterns and pitfalls from running Dagger in production.
Database migrations touch every part of the software supply chain. This guide covers how to keep schemas, secrets, and data lineage secure during a platform change.
Weekly insights on software supply chain security, delivered to your inbox.