Safeguard
Topic

DevSecOps

In-depth guides and analysis on devsecops from the Safeguard engineering team.

378 articles

DevSecOps

ArgoCD GitOps Security Depth

A deep look at ArgoCD security in production: RBAC models, repo credentials, ApplicationSet risks, and the CVEs that have shaped the current hardening defaults.

Jun 25, 20246 min read
DevSecOps

GN and Meson Build Systems: Security

A side-by-side security comparison of GN (Chromium) and Meson, covering declarative posture, wrap files, toolchain handling, and supply chain behavior.

Jun 22, 20247 min read
DevSecOps

Migrating From Ansible to GitOps: A Supply Chain Perspective

Move from Ansible to GitOps with supply chain security intact. Pattern-by-pattern migration, trust boundary changes, and pitfalls to avoid in the transition.

Jun 20, 20247 min read
DevSecOps

AWS CodePipeline Hardening Patterns

CodePipeline is the glue between your source, build, and deploy. It is also the thing that gets the widest IAM role in most AWS accounts. Here is how to harden it without rewriting your pipelines.

Jun 15, 20247 min read
DevSecOps

DevSecOps Meaning: Definition, Model, and How It Differs From SecDevOps

DevSecOps means making security a shared, automated responsibility inside the DevOps loop. Here is the working definition, the operating model, and why the SecDevOps naming debate mostly misses the point.

Jun 11, 20246 min read
DevSecOps

Gradle Build Cache Security Hardening

The Gradle build cache is a performance feature with supply chain consequences. Here is how to configure it so cache poisoning, stale outputs, and cross-project contamination do not become your next incident.

Jun 10, 20247 min read
DevSecOps

Vite Build Tool Security Considerations

Vite has become the default build tool for a generation of JavaScript frameworks. Its plugin model, dev server, and dependency pre-bundling each carry distinct security implications worth understanding.

May 30, 20247 min read
DevSecOps

Harness.io Supply Chain Security Reviewed

A security review of the Harness.io platform covering SSCA, CI/CD governance, STO integration, and the practical configuration required to get a production-grade supply chain posture.

May 28, 20247 min read
DevSecOps

GCP Cloud Build Hardening in Production

Lessons from hardening Cloud Build pipelines in production environments: private pools, least-privilege service accounts, provenance, and the controls that actually stop lateral movement.

May 25, 20247 min read
DevSecOps

How to Measure Dependency Freshness in CI

A practical CI tutorial for measuring dependency freshness, setting SLOs for version drift, and failing builds when packages fall too far behind upstream.

May 20, 20246 min read
DevSecOps

Pants Build Tool Security Posture

A practitioner's view of the Pants build system's security properties, covering sandboxing, third-party resolution, and the Pants 2.x architecture.

May 18, 20247 min read
DevSecOps

DevSecOps Definition: How It Differs From DevOps and SecOps Alone

The devsecops definition that actually matters isn't a new tool category — it's making security a shared responsibility across the pipeline instead of a gate at the end.

May 13, 20245 min read
DevSecOps (Page 24) — Supply Chain Security Blog | Safeguard