DevSecOps
In-depth guides and analysis on devsecops from the Safeguard engineering team.
378 articles
Anchore's approach to DevSecOps (case for shift-left secu...
How Anchore's devsecops approach uses SBOMs and shift-left scanning to catch vulnerabilities early, and why runtime visibility still matters.
CI/CD security and compliance integration
How CI/CD pipelines became the top supply chain attack surface, where scan-only tools like Anchore fall short on compliance evidence, and how Safeguard unifies both.
Developer Friction Budget For Supply Chain Tools
Every security tool spends developer attention. A framework for budgeting friction across IDE, CLI, and PR-time supply chain checks without going bankrupt.
Gitleaks Secret Scanning Recipes for 2026
Practical Gitleaks configurations and workflows for 2026, including pre-commit setup, monorepo tuning, custom rules, and how to avoid the false-positive treadmill.
Zero Trust for CI/CD Pipelines: A Concrete Blueprint
CI/CD runners are a top attacker target. Here's a concrete zero-trust blueprint using OIDC federation, pinned action SHAs, and short-lived identities.
GCP Binary Authorization Real-World Deployment
Binary Authorization works in production, but the rollout pattern is not obvious. This is the real-world deployment guide for 2026 GCP estates.
Reachability Analysis For Monorepos And Microservices
Reachability across a monorepo or a microservices fleet needs different engineering than reachability inside a single service. Both are tractable; both have specific failure modes.
Shift-Left, Shift-Everywhere: Program Design
Shift-left is necessary but insufficient. A program design that distributes supply chain checks across IDE, CLI, PR, build, and runtime — without redundancy.
DevSecOps and Platform Engineering: The Convergence No One Expected
Platform engineering teams are becoming the new home for security controls. Here's why that is both promising and risky.
GitLab CI Supply Chain Hardening Checklist 2026
A 2026 hardening checklist for GitLab CI: ID tokens, protected branches, runner isolation, included templates, and the controls that actually shrink blast radius.
DevSecOps Integration: Wiring Security Into Pipelines You Already Have
You do not need a new pipeline — you need to instrument the one you have. A stage-by-stage map for DevSecOps integration in Jenkins, GitHub Actions, GitLab CI, or Azure DevOps.
Multi-Cloud Supply Chain Control Plane
A multi-cloud estate needs a single control plane for supply chain policy. This is what one looks like across AWS, Azure, and GCP in production in 2026.