DevSecOps
In-depth guides and analysis on devsecops from the Safeguard engineering team.
378 articles
DevOps vs DevSecOps
DevOps ships code fast; DevSecOps ships it safely. Here's the concrete difference, backed by real breach data, costs, and pipeline mechanics.
What is a Secure SDLC (Software Development Life Cycle)
A secure SDLC embeds security into every dev phase, not just the end. Learn the model, frameworks, and pitfalls — with real breach examples.
GCP Cloud Build Supply Chain Defence
Cloud Build has the strongest native supply chain primitives of any major CI service. Most GCP shops are still not using them. This is the 2026 blueprint.
PR-Time Policy Gates Developers Accept
The pull request is the highest-stakes moment in shift-left. A field guide to designing PR policy gates that block bad code without breaking trust.
Security automation: stop chasing vulnerabilities, start ...
Chasing CVEs doesn't scale — 40,000+ vulnerabilities were logged in 2024 alone. Here's why prevention-first automation beats patch-cycle chasing, and how it differs from Chainguard's approach.
Integrating Security Into the DevSecOps Toolchain
Integrating security into the DevSecOps toolchain works when scanning is wired into the tools engineers already use, not bolted on as a separate gate at the end.
AWS ECR Image Signing With Cosign In Production
Cosign-signed images in ECR are no longer a side project. This is how to roll out signing across an AWS estate without breaking the deploy pipeline.
CLI Tool Design For Developer Security Checks
A security CLI lives or dies on the experience of typing it. A design guide for building security tooling that respects the developer's terminal.
Jenkins Supply Chain Security Baseline 2026
A 2026 supply chain security baseline for Jenkins: plugin hygiene, agent isolation, Pipeline-as-Code discipline, credentials, and provenance integration.
Azure ACR Trusted Images Policy Rollout
ACR's trusted images and notation signing combine into a deploy-time policy you can actually enforce. Here is how to roll it out without breaking AKS workloads.
Azure Artifacts Sigstore Integration Walkthrough 2026
A practical walkthrough for integrating Sigstore signing and verification with Azure Artifacts in 2026, including the gaps you should know about before starting.
What is DevSecOps? (principles, workflow, tooling)
DevSecOps explained: the principles, CI/CD workflow, and scanning tools that build security into every commit instead of bolting it on at release.