Safeguard
Topic

DevSecOps

In-depth guides and analysis on devsecops from the Safeguard engineering team.

378 articles

DevSecOps

Jenkins + Maven Integration Security

Jenkins is still the most common Maven build driver in enterprise Java shops. It is also where most supply chain incidents start. Here is what to change before it becomes your problem.

Sep 8, 20247 min read
DevSecOps

Please Build System Security Review

A hands-on security review of Please, the open-source Bazel-inspired build system, including sandbox behavior, BUILD rules, and supply chain trade-offs.

Aug 28, 20246 min read
DevSecOps

Azure Bicep vs ARM: Security Comparison

Bicep and ARM templates produce the same deployments, but their security properties diverge — in module provenance, what-if analysis, registry trust, and review experience.

Aug 25, 20248 min read
DevSecOps

Spinnaker Deployment Security Patterns

Practical security patterns for Spinnaker deployments: account isolation, pipeline template governance, artifact binding, and the CVE history behind the current authentication defaults.

Aug 18, 20247 min read
DevSecOps

Security Data Lake Architecture for Supply Chain Intelligence

A security data lake aggregates SBOMs, vulnerability data, build provenance, and runtime signals into a queryable store. This architecture enables the cross-cutting analysis that siloed tools cannot provide.

Aug 15, 20247 min read
DevSecOps

SecDevOps vs DevSecOps: Is There Actually a Difference?

The SecDevOps definition and the DevSecOps definition describe nearly identical practices, but the word order isn't purely cosmetic, it signals a real difference in where security sits in the pipeline.

Aug 14, 20245 min read
DevSecOps

NuGet Private Feed Security Hardening

Private NuGet feeds sit in the blind spot of most security programs. The hardening work is not glamorous but the failure modes are expensive.

Jul 30, 20247 min read
DevSecOps

npm Token Rotation: An Enterprise Strategy

Rotating a few npm tokens is easy. Rotating a few thousand across a shared CI fleet is a project. A practical strategy that survives real organizations.

Jul 18, 20247 min read
DevSecOps

Drone CI Security Considerations

A security-focused look at Drone CI: runner isolation, secret handling, plugin risks, and the differences between Drone OSS, Enterprise, and the Harness transition.

Jul 15, 20248 min read
DevSecOps

Nix Reproducible Builds: A Supply Chain Case

Practical supply chain lessons from running Nix and Nix flakes in production, including flake.lock handling, content-addressed derivations, and cachix trust.

Jul 12, 20246 min read
DevSecOps

Semgrep vs CodeQL: SAST Comparison

Compare Semgrep and CodeQL on rule authoring, language coverage, taint analysis, scan time, IDE integration, and pricing to choose the right SAST engine in 2024.

Jul 8, 20245 min read
DevSecOps

Code Repository Security Hardening

Your source code repository is the starting point of your entire supply chain. Hardening it against unauthorized access, code injection, and configuration tampering is non-negotiable.

Jul 8, 20246 min read
DevSecOps (Page 23) — Supply Chain Security Blog | Safeguard