DevSecOps
In-depth guides and analysis on devsecops from the Safeguard engineering team.
378 articles
CI/CD Secret Sprawl: How Pipeline Credentials Become Your Biggest Risk
Your CI/CD pipeline has more credentials than your production environment. Secret sprawl across pipelines creates a massive attack surface that most teams cannot even inventory.
SSH Key Management for Organizations: Beyond the Basics
SSH keys provide access to your most critical infrastructure. Most organizations manage them poorly. Here is how to do it right.
CircleCI Security Configuration Guide
Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.
Harness CI/CD Security Features
Leveraging Harness platform security capabilities including governance policies, secret management, and pipeline security controls.
SpotBugs Security Detectors for Java: A Practical Guide
SpotBugs with Find Security Bugs is the most effective free security analysis tool for Java. Here is how to get real results from it.
Snyk vs Dependabot: A Head-to-Head Comparison
Evaluate Snyk and Dependabot on vulnerability detection, ecosystem coverage, CI integration, pricing, and remediation to pick the right SCA tool for your team.
Environment Variable Injection in CI/CD Pipelines
Environment variables in CI/CD systems carry secrets, configuration, and control flow. When attackers can inject or modify them, everything breaks.
SLSA v1.0: Supply-chain Levels for Software Artifacts Reaches Maturity
SLSA v1.0 simplifies the framework and makes it practical to adopt. Here's what changed and how to implement it.
How to Pin GitHub Actions to SHAs Correctly
A hands-on guide to pinning every third-party GitHub Action to a full commit SHA, automating updates with Dependabot, and avoiding the common pitfalls.
GitLab CI/CD Security Configuration
Hardening GitLab CI/CD pipelines with protected variables, secure runners, and built-in security scanning.
Software Attestation in Practice: From Theory to Implementation
Software attestation is moving from academic concept to practical requirement. Here's how to implement it in your build pipelines today.
Chaos Engineering for Supply Chain Resilience: Breaking Your Build to Make It Stronger
Chaos engineering principles applied to the software supply chain reveal hidden dependencies, single points of failure, and degradation paths that only surface under stress.