Azure Functions extensions as a supply chain entry point in 2026
Binding extensions and isolated worker SDK packages run with the function's managed identity. Here is how to evaluate and gate them in 2026.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Lambda Layers feel like a packaging convenience, but org-shared and public layers carry code that runs with your function's IAM role. Here is the 2026 control set.
Code Engine abstracts away Kubernetes for Knative-style serverless workloads on IBM Cloud. The supply chain story is different from what most defenders bring from AWS or GCP.
AWS built Firecracker to run Lambda. The security model is the entire value proposition, and it holds up under scrutiny.
Lambda layers feel like a convenience but they are a supply chain attack surface that most teams do not treat as code. Here is how they get abused and what to do about it.
Azure Functions hide a surprising amount of supply chain risk — Oryx builds, run-from-package, extension bundles, and the way deployment slots interact with identity.
SAM templates look simple and that is exactly the problem. The defaults are generous, the transforms are opaque, and the resulting stacks are often more privileged than anyone intended.
Serverless architectures shift the attack surface from infrastructure to application dependencies. This guide covers the unique supply chain risks of serverless and how to address them.
Serverless doesn't mean dependency-free. Here's how to generate and manage SBOMs for Lambda functions, Azure Functions, and Cloud Functions.