Azure Container Registry Trust Model
What Azure Container Registry actually guarantees about the images you pull — signing, attestation, content trust, and where the trust chain breaks in practice.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
What really happens to your software supply chain when you decompose a monolith into services, and how to avoid trading one risk for forty new ones.
A technical reconstruction of the July 19 CrowdStrike Falcon sensor crash that grounded 8.5M Windows hosts, and what supply chain owners should change.
Open banking depends on a tangle of SDKs, certificate authorities, and directory services. What PSD2, the UK's Open Banking Standard, and the emerging US framework mean for supply chain security.
A look at how crates.io handles authentication, yanking, namespace squatting, and the supply chain risks that remain in mid-2024.
How to use GCP Workload Identity Federation to eliminate long-lived service account keys from your supply chain: GitHub Actions, GitLab CI, external builders, and the misconfigurations that silently undermine the design.
Practical supply chain lessons from running Nix and Nix flakes in production, including flake.lock handling, content-addressed derivations, and cachix trust.
FastAPI's dependency surface is deceptively large. Here is how to lock it down in practice, covering Starlette, Pydantic, Uvicorn, and the plugins you likely missed.
Azure Policy is the enforcement layer most Azure platforms underuse. A concrete, policy-by-policy guide to wiring it into supply chain controls that actually stick.