Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
On 19 May 2026, three malicious versions of Microsoft's durabletask PyPI package were uploaded in a 35-minute window. The payload steals AWS, Azure, GCP, and Kubernetes credentials in under four seconds and ships a locale-gated rm -rf wiper.
Google's $32B Wiz acquisition closed in March 2026. We ran a 90-day bake-off between Wiz and Orca on the same AWS+Azure estate and graded the agentless CNAPP race honestly.
Container security has matured significantly, but runtime protection remains a weak spot. Here's a practical guide to what works.
Cloudflare Workers collapse the build, deploy, and runtime into one surface. That changes the supply chain threat model in ways most teams underestimate.
How to migrate from IRSA to EKS Pod Identity in 2026, including the trade-offs, the operational gotchas, and the cases where IRSA still makes sense.
Pod Identity and IRSA both give EKS workloads AWS identities. The supply chain implications diverge once you look past the docs.
Running supply chain controls across AWS, Azure, and GCP means picking the right abstractions. Here is which ones hold up and which ones you will regret.
Each major cloud provider approaches supply chain security differently. Here's a practical comparison and what it means for multi-cloud organizations.
GCP's Artifact Analysis API is the most direct way to get scan results into your triage tooling. Here is how to use it without drowning your team.
Weekly insights on software supply chain security, delivered to your inbox.