GCP Artifact Analysis API for Vulnerability Triage
GCP's Artifact Analysis API is the most direct way to get scan results into your triage tooling. Here is how to use it without drowning your team.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
SLSA provenance is the cryptographic receipt of a build. Griffin AI verifies it, parses it, and uses it as typed evidence. Mythos-class tools describe it and forget to check the signature.
What hospitals and payers should actually require from their software vendors in 2026: HIPAA-aligned controls, SBOM expectations, and the threats now hitting clinical environments.
A direct comparison of OpenVEX and CycloneDX VEX in 2026, covering spec differences, tooling support, and the operational tradeoffs that actually affect your choice.
RSA Conference 2026 centered on AI governance, software supply chain regulation, and vendor consolidation. Here is the analyst view of what mattered.
Model weights are binaries with the privilege of code and the review of documents. Here is what signing, attestation, and provenance should actually look like.
A raw SBOM is a parts list. An enriched SBOM is a risk assessment. Here's how to bridge the gap.
VEX is how you turn a vulnerability list into an actionable work queue. Griffin AI ingests VEX documents as structured statements that filter findings at policy time. Mythos-class tools read them as advisory prose and lose the filtering entirely.
Most SBOMs are generated, filed, and forgotten. Treating them as compliance artifacts rather than operational products is why they have not paid off — and how to fix it.