DevSecOps
In-depth guides and analysis on devsecops from the Safeguard engineering team.
378 articles
WebAssembly WASI Security Model in 2025
A technical look at WASI Preview 2, the component model, and capability-based isolation for running untrusted code inside supply chain tooling.
Best secure software development lifecycle (SSDLC) platforms
A practical buyer's guide to SSDLC platforms in 2026 — evaluation criteria, an honest roundup of six real vendors, and where Safeguard fits in.
Security in the SDLC: Where It Actually Belongs
Bolting a scanner on before release doesn't count as shift-left. Here's where security actually needs to sit across the SDLC, and why mobile testing is often the weakest link.
The Security Development Lifecycle (SDL): A Working Guide
The SDL turned security from a pre-release audit into a discipline applied at every phase of building software. What the lifecycle actually contains, where it came from, and how to run it without a Microsoft-sized team.
OWASP Secure Coding Practices: A Working Checklist
OWASP secure coding practices boil down to a handful of checks that catch most real-world vulnerabilities — here's the checklist teams actually use, not the full 200-item reference.
Shift-Left Security Testing in Practice
Shift-left security testing means catching vulnerabilities at commit time instead of at deployment — here's what that actually looks like on a working pipeline, not just the slogan.
What Is a DevOps Pipeline? Stages, Tools, and Security Gates
A DevOps pipeline is the automated path code takes from commit to production. Here are the stages every pipeline shares, the tools teams actually use, and where security gates belong.
DevOps Maturity Models, Explained
What a devops maturity model actually measures, why devops mttr alone is a weak proxy for maturity, and how teams can measure whether devops delivery value is improving.
How to Add Reachability Analysis to PR Checks
Run reachability analysis on every pull request to slash vulnerability false positives by 70%+, gate merges on exploitable findings, and keep devs focused.
How Snyk CLI's --severity-threshold and --fail-on flags g...
How Snyk CLI severity-threshold and fail-on flags filter and gate vulnerability findings, plus exit codes and common CI/CD misconfigurations.
How Snyk's GitLab CI/CD template integrates security gate...
A technical look at how Snyk's GitLab CI/CD template authenticates, scans, and uses severity thresholds to block merge requests with known vulnerabilities.
How Snyk's Azure Pipelines and Bitbucket Pipelines integr...
Snyk's CLI, Azure Pipelines extension, and Bitbucket pipe handle auth, gating, and reporting differently — here's how each mechanism actually works under the hood.