Safeguard
Topic

DevSecOps

In-depth guides and analysis on devsecops from the Safeguard engineering team.

378 articles

DevSecOps

Anchore's approach to DevSecOps (case for shift-left secu...

How Anchore's devsecops approach uses SBOMs and shift-left scanning to catch vulnerabilities early, and why runtime visibility still matters.

Mar 26, 20268 min read
DevSecOps

CI/CD security and compliance integration

How CI/CD pipelines became the top supply chain attack surface, where scan-only tools like Anchore fall short on compliance evidence, and how Safeguard unifies both.

Mar 26, 20267 min read
DevSecOps

Developer Friction Budget For Supply Chain Tools

Every security tool spends developer attention. A framework for budgeting friction across IDE, CLI, and PR-time supply chain checks without going bankrupt.

Mar 25, 20268 min read
DevSecOps

Gitleaks Secret Scanning Recipes for 2026

Practical Gitleaks configurations and workflows for 2026, including pre-commit setup, monorepo tuning, custom rules, and how to avoid the false-positive treadmill.

Mar 25, 20265 min read
DevSecOps

Zero Trust for CI/CD Pipelines: A Concrete Blueprint

CI/CD runners are a top attacker target. Here's a concrete zero-trust blueprint using OIDC federation, pinned action SHAs, and short-lived identities.

Mar 24, 20268 min read
DevSecOps

GCP Binary Authorization Real-World Deployment

Binary Authorization works in production, but the rollout pattern is not obvious. This is the real-world deployment guide for 2026 GCP estates.

Mar 21, 20268 min read
DevSecOps

Reachability Analysis For Monorepos And Microservices

Reachability across a monorepo or a microservices fleet needs different engineering than reachability inside a single service. Both are tractable; both have specific failure modes.

Mar 20, 20263 min read
DevSecOps

Shift-Left, Shift-Everywhere: Program Design

Shift-left is necessary but insufficient. A program design that distributes supply chain checks across IDE, CLI, PR, build, and runtime — without redundancy.

Mar 20, 20267 min read
DevSecOps

DevSecOps and Platform Engineering: The Convergence No One Expected

Platform engineering teams are becoming the new home for security controls. Here's why that is both promising and risky.

Mar 20, 20266 min read
DevSecOps

GitLab CI Supply Chain Hardening Checklist 2026

A 2026 hardening checklist for GitLab CI: ID tokens, protected branches, runner isolation, included templates, and the controls that actually shrink blast radius.

Mar 19, 20265 min read
DevSecOps

DevSecOps Integration: Wiring Security Into Pipelines You Already Have

You do not need a new pipeline — you need to instrument the one you have. A stage-by-stage map for DevSecOps integration in Jenkins, GitHub Actions, GitLab CI, or Azure DevOps.

Mar 19, 20266 min read
DevSecOps

Multi-Cloud Supply Chain Control Plane

A multi-cloud estate needs a single control plane for supply chain policy. This is what one looks like across AWS, Azure, and GCP in production in 2026.

Mar 16, 20268 min read
DevSecOps (Page 11) — Supply Chain Security Blog | Safeguard