Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Sarbanes-Oxley IT general controls predate modern software delivery. Here's how change management, access, and segregation of duties controls actually look when applied to CI/CD pipelines and software components.
CodeBuild projects are where most AWS supply chain compromises end up executing. Here is a practical hardening guide built from years of incident response, with specific buildspec controls and IAM patterns.
1Password has quietly become a credible secrets backend for CI/CD. A walkthrough of Connect, Service Accounts, and the CLI patterns that make 1Password Secrets Automation work in a build pipeline.
A practical, line-by-line walk through hardening Azure DevOps YAML pipelines — template injection, task version pinning, approvals, and the defaults that will bite you.
A case study in moving a sprawling Jenkins estate to GitHub Actions without losing supply chain visibility, artifact integrity, or developer trust.
A practical look at building a Splunk content pack for software supply chain threats, with SPL searches for CI/CD anomalies, package registry abuse, and build provenance violations.
HashiCorp Vault is a Swiss Army knife for secrets, but most teams use it as a glorified key-value store. A walkthrough of the integration patterns that make Vault actually useful in a CI/CD supply chain.
CI/CD pipelines are treasure troves of secrets -- cloud credentials, API keys, signing certificates. Preventing credential theft from build environments is critical to supply chain security.
A hands-on guide to embedding SAST, SCA, secret scanning, and container analysis into your CI/CD pipeline without making builds unbearably slow.
Weekly insights on software supply chain security, delivered to your inbox.