Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Provenance describes how software was built, attestations are signed claims about that process, and signing proves origin. Here's how the pieces fit.
A concrete migration plan for artifact signing from ECDSA to ML-DSA and SLH-DSA, covering Sigstore, Notary, HSMs, and staged hybrid rollouts.
Long-lived signing keys are operational debt that every security team eventually pays down the hard way. Keyless signing is not an experiment anymore — it is the mainstream design.
Why multi-architecture container images break assumptions baked into signing, SBOM, and attestation tooling, and how to build a multi-arch pipeline that stays verifiable.
NuGet package signing has quietly become one of the stricter supply chain stories in mainstream ecosystems. Here is what .NET teams actually need to know.
Azure Container Registry plus Notation gives you signing, trust policy, and AKS enforcement without bolting on Sigstore. Here is how the pieces actually fit together.
The parts of container supply chain that break differently on AWS Fargate and ECS compared to Kubernetes, and what to do about each one in production.
ECR now supports Notation-based image signing and trust policy enforcement. Here is how to design signing policies that survive scale and auditors.
How the Sigstore Policy Controller actually runs in production, what it does better than Kyverno, and the operational pitfalls nobody mentions in the quickstart.
Weekly insights on software supply chain security, delivered to your inbox.