Safeguard
Topic

DevSecOps

In-depth guides and analysis on devsecops from the Safeguard engineering team.

378 articles

DevSecOps

AWS CodeBuild Supply Chain Hardening Guide

CodeBuild projects are where most AWS supply chain compromises end up executing. Here is a practical hardening guide built from years of incident response, with specific buildspec controls and IAM patterns.

May 10, 20247 min read
DevSecOps

What Is DevSecOps? Explained in Plain Terms

A plain-terms answer to devsecops o que e, the Portuguese-language version of 'what is DevSecOps,' with the same explanation that applies regardless of what language you searched in.

May 8, 20245 min read
DevSecOps

1Password Secrets Automation in CI

1Password has quietly become a credible secrets backend for CI/CD. A walkthrough of Connect, Service Accounts, and the CLI patterns that make 1Password Secrets Automation work in a build pipeline.

Apr 22, 20247 min read
DevSecOps

Azure DevOps YAML Pipeline Hardening

A practical, line-by-line walk through hardening Azure DevOps YAML pipelines — template injection, task version pinning, approvals, and the defaults that will bite you.

Apr 20, 20247 min read
DevSecOps

Container Security Scanning in 2024: Benchmarks, Tools, and What Actually Matters

Container image scanning tools vary widely in detection rates, false positive rates, and coverage. Here is a practical assessment of the container security scanning landscape in 2024.

Apr 20, 20246 min read
DevSecOps

Migrating Jenkins to GitHub Actions: Security

A case study in moving a sprawling Jenkins estate to GitHub Actions without losing supply chain visibility, artifact integrity, or developer trust.

Apr 15, 20247 min read
DevSecOps

Bazel Hermetic Builds: Supply Chain Benefits

How Bazel's hermeticity model reduces supply chain risk, with concrete WORKSPACE and MODULE.bazel examples from real migrations.

Apr 8, 20246 min read
DevSecOps

Jenkins Pipeline Supply Chain Security

How Jenkins pipelines end up as supply chain attack vectors, covering Groovy sandbox risks, plugin CVEs, credential binding, and practical hardening for Jenkins 2.440+.

Apr 2, 20247 min read
DevSecOps

Ninja Build Supply Chain Considerations

Ninja is a low-level build tool, not a package manager. That framing matters for understanding its supply chain properties and common misconceptions.

Mar 28, 20247 min read
DevSecOps

GitHub Advanced Security vs Alternatives, Early 2024

GitHub Advanced Security anchors many AppSec programs in 2024, but Snyk, Semgrep, Endor, and others are credible alternatives. Here is an honest comparison.

Mar 25, 20246 min read
DevSecOps

What Is SSDLC? The Secure Software Development Lifecycle

SSDLC builds security work into every phase of delivery instead of auditing at the end. Here is what changes at each phase, which frameworks define it, and how to adopt it without stalling releases.

Mar 14, 20246 min read
DevSecOps

CI/CD Compromise Investigation Steps

A step-by-step investigation playbook for suspected CI/CD pipeline compromise, from runner forensics to secrets rotation.

Mar 8, 20246 min read
DevSecOps (Page 25) — Supply Chain Security Blog | Safeguard