Safeguard
Topic

DevSecOps

In-depth guides and analysis on devsecops from the Safeguard engineering team.

378 articles

DevSecOps

Tekton Pipelines Hardening Guide

A practical hardening guide for Tekton Pipelines covering TaskRun isolation, step image provenance, workspace secrets, and the CVE history that shaped the current defaults.

Mar 8, 20247 min read
DevSecOps

Argo CD GitOps Security Guide

Securing Argo CD deployments with RBAC, SSO integration, secret management, and network policies for production Kubernetes clusters.

Mar 5, 20246 min read
DevSecOps

AWS SAM Template Security Considerations

SAM templates look simple and that is exactly the problem. The defaults are generous, the transforms are opaque, and the resulting stacks are often more privileged than anyone intended.

Feb 28, 20247 min read
DevSecOps

How to Set Up Sigstore in Your Build Pipeline

Wire Sigstore into GitHub Actions end-to-end: OIDC identity, Cosign signing, Rekor transparency, and policy-controller enforcement — with working snippets.

Feb 28, 20244 min read
DevSecOps

Earthly Reproducible Builds and Security

How Earthly's reproducible, containerized build system eliminates environment drift and strengthens build integrity for security-conscious teams.

Feb 28, 20246 min read
DevSecOps

Multi-Stage Docker Builds: The Security Implications Nobody Talks About

Multi-stage builds reduce image size, but they also introduce security considerations around build secrets, layer caching, and dependency leakage.

Feb 12, 20246 min read
DevSecOps

Secure Development Environment Setup: A Practical Guide

Setting up a secure development environment involves more than installing an IDE. From OS hardening to credential management, here is a comprehensive checklist for security-conscious teams.

Feb 5, 20245 min read
DevSecOps

Building a Security Automation Playbook Library for Supply Chain Defense

Security automation playbooks codify response procedures into executable workflows. A well-designed playbook library turns supply chain incidents from fire drills into routine operations.

Dec 18, 20236 min read
DevSecOps

JFrog Artifactory Hardening Guide

Artifactory is the most common artifact repository in enterprise. It is also a default-permissive system where misconfigurations compound. A concrete hardening guide.

Dec 14, 20236 min read
DevSecOps

Purple Team Exercises for Supply Chain Security

Purple team exercises combine offensive and defensive perspectives to test supply chain defenses. Here is how to structure exercises that improve both detection capabilities and attack understanding.

Dec 5, 20235 min read
DevSecOps

Travis CI Security Best Practices

Security hardening for Travis CI pipelines covering secret management, build isolation, and migration considerations for teams still on the platform.

Nov 12, 20236 min read
DevSecOps

CI/CD Credential Theft Prevention

CI/CD pipelines are treasure troves of secrets -- cloud credentials, API keys, signing certificates. Preventing credential theft from build environments is critical to supply chain security.

Nov 8, 20236 min read
DevSecOps (Page 26) — Supply Chain Security Blog | Safeguard