SBOMs for Serverless Applications: What Changes and What Doesn't
Serverless doesn't mean dependency-free. Here's how to generate and manage SBOMs for Lambda functions, Azure Functions, and Cloud Functions.
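The teaser above promises a way to generate SBOMs for Lambda functions; the following is an added worked example written for this listing, not code from the Safeguard article or from AWS. It walks a Python Lambda deployment package (a .zip) in memory, reads the PEP 566 `METADATA` file of every bundled `*.dist-info` directory, and emits a minimal CycloneDX 1.5 document. The sample archive is constructed inline, the `lambda:path` property name is an assumption of this example rather than a CycloneDX-defined key, and a dist-info without a `Version` header is skipped rather than guessed.

```python
"""Build a minimal CycloneDX SBOM from a Python Lambda deployment package.

A Lambda .zip bundles third-party wheels next to the handler (pip install -t .),
and each installed distribution leaves <Name>-<Version>.dist-info/METADATA
behind. Layers use the same layout under python/ (or python/lib/.../site-packages).
Example code written for this page; not the article's or AWS's own tooling.
"""
import io
import json
import re
import zipfile

# Matches <dist>.dist-info/METADATA at any depth so both deployment packages
# (site-packages at the zip root) and layers (under python/) are covered.
DIST_INFO_RE = re.compile(r"(?:^|/)[^/]+\.dist-info/METADATA$")


def parse_core_metadata(text: str) -> dict:
    """Return the header fields of a PEP 566 METADATA file as a dict.

    Headers end at the first blank line; the long description after it is
    ignored. A repeated key keeps its first value.
    """
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            break
        key, sep, value = line.partition(":")
        if sep and key.strip() not in fields:
            fields[key.strip()] = value.strip()
    return fields


def pypi_purl(name: str, version: str) -> str:
    """Package URL for a PyPI distribution, name normalised per PEP 503."""
    normalised = re.sub(r"[-_.]+", "-", name).lower()
    return f"pkg:pypi/{normalised}@{version}"


def sbom_from_lambda_zip(zip_bytes: bytes, function_name: str) -> dict:
    """Build a CycloneDX 1.5 JSON document listing the bundled distributions."""
    components = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for entry in zf.namelist():
            if not DIST_INFO_RE.search(entry):
                continue
            meta = parse_core_metadata(zf.read(entry).decode("utf-8", "replace"))
            name, version = meta.get("Name"), meta.get("Version")
            if not name or not version:
                continue  # malformed dist-info: record nothing rather than guess
            purl = pypi_purl(name, version)
            components[purl] = {  # keyed by purl so duplicate copies collapse
                "type": "library",
                "bom-ref": purl,
                "name": name,
                "version": version,
                "purl": purl,
                # "lambda:path" is a property name chosen for this example.
                "properties": [{"name": "lambda:path", "value": entry.rsplit("/", 1)[0]}],
            }
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "metadata": {"component": {"type": "application", "name": function_name}},
        "components": sorted(components.values(), key=lambda c: c["purl"]),
    }


def build_sample_package() -> bytes:
    """Constructed sample archive: a handler plus bundled distributions.

    Not a real Lambda artifact. It imitates pip's layout at the zip root and
    the layer layout under python/ in one archive only so both paths are exercised.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("handler.py", "def handler(event, context):\n    return 'ok'\n")
        zf.writestr(
            "requests-2.31.0.dist-info/METADATA",
            "Metadata-Version: 2.1\nName: requests\nVersion: 2.31.0\n\nlong description\n",
        )
        zf.writestr(
            "python/lib/python3.12/site-packages/PyYAML-6.0.1.dist-info/METADATA",
            "Metadata-Version: 2.1\nName: PyYAML\nVersion: 6.0.1\n",
        )
        # Truncated dist-info with no Version header: skipped by the walker.
        zf.writestr("broken-0.0.dist-info/METADATA", "Name: broken\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(json.dumps(sbom_from_lambda_zip(build_sample_package(), "order-api"), indent=2))
```

Point it at a real artifact with `sbom_from_lambda_zip(open("function.zip", "rb").read(), "my-function")`; the output is what a signed, per-deployment SBOM attached to the function version would start from. Handler code is first-party and is deliberately represented only by `metadata.component`, not as a library.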
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A vulnerability in GitHub's commit signature verification allowed attackers to forge signed commits. The flaw undermined the integrity guarantees that code signing is supposed to provide.
5G networks are software-defined infrastructure built on open-source components. The supply chain implications are enormous and under-discussed.
Browser extensions run with elevated privileges and update automatically. When attackers compromise or acquire popular extensions, they gain access to millions of users instantly.
Securing Tekton CI/CD pipelines on Kubernetes with task isolation, supply chain verification, and least-privilege service accounts.
Every Docker image is a stack of layers, and each one can introduce vulnerabilities. Learn how to dissect image layers for security risks and what tools actually help.
A practical guide to hardening your GitHub Actions workflows against supply chain attacks, secret leaks, and privilege escalation.
Content delivery networks serve billions of software assets daily. When a CDN is compromised, the blast radius is enormous. Here's what CDN supply chain risks look like and how to defend against them.
Scanning for vulnerabilities means nothing if you cannot enforce the results. Supply chain policy engines in Kubernetes turn security findings into hard deployment gates.