DevSecOps
GN and Meson Build Systems: Security
A side-by-side security comparison of GN (Chromium) and Meson, covering declarative posture, wrap files, toolchain handling, and supply chain behavior.
Jun 22, 20247 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A side-by-side security comparison of GN (Chromium) and Meson, covering declarative posture, wrap files, toolchain handling, and supply chain behavior.
Central Package Management pulled NuGet's multi-project version chaos into a single source of truth. The security implications run deeper than the ergonomics suggest.
The libraries and services that sit between a merchant and the card networks carry concentrated risk. A practical look at what goes wrong, and how to build a dependency program that catches it.
CodePipeline is the glue between your source, build, and deploy. It is also the thing that gets the widest IAM role in most AWS accounts. Here is how to harden it without rewriting your pipelines.
How to surface software supply chain threats in Elastic Security using EQL, detection rules, and the Elastic Common Schema for build pipeline and registry events.
A practical walkthrough for signing container images with Cosign using keyless OIDC, verifying signatures, and enforcing policy in your Kubernetes cluster.
Lessons from hardening Cloud Build pipelines in production environments: private pools, least-privilege service accounts, provenance, and the controls that actually stop lateral movement.
AI-generated deepfakes are making social engineering attacks against software supply chains more convincing and harder to detect.
Auditing a .NET supply chain is a different exercise than auditing a JavaScript one, and the patterns that actually find problems are specific to how the ecosystem works.
Weekly insights on software supply chain security, delivered to your inbox.