Safeguard
Topic

DevSecOps

In-depth guides and analysis on devsecops from the Safeguard engineering team.

378 articles

DevSecOps

CI/CD Secret Sprawl: How Pipeline Credentials Become Your Biggest Risk

Your CI/CD pipeline has more credentials than your production environment. Secret sprawl across pipelines creates a massive attack surface that most teams cannot even inventory.

Jul 20, 20235 min read
DevSecOps

SSH Key Management for Organizations: Beyond the Basics

SSH keys provide access to your most critical infrastructure. Most organizations manage them poorly. Here is how to do it right.

Jul 8, 20234 min read
DevSecOps

CircleCI Security Configuration Guide

Practical steps to secure your CircleCI pipelines, from context management and OIDC to orb vetting and runner isolation.

Jul 8, 20235 min read
DevSecOps

Harness CI/CD Security Features

Leveraging Harness platform security capabilities including governance policies, secret management, and pipeline security controls.

Jun 28, 20235 min read
DevSecOps

SpotBugs Security Detectors for Java: A Practical Guide

SpotBugs with Find Security Bugs is the most effective free security analysis tool for Java. Here is how to get real results from it.

Jun 22, 20234 min read
DevSecOps

Snyk vs Dependabot: A Head-to-Head Comparison

Evaluate Snyk and Dependabot on vulnerability detection, ecosystem coverage, CI integration, pricing, and remediation to pick the right SCA tool for your team.

Jun 14, 20235 min read
DevSecOps

Environment Variable Injection in CI/CD Pipelines

Environment variables in CI/CD systems carry secrets, configuration, and control flow. When attackers can inject or modify them, everything breaks.

May 8, 20234 min read
DevSecOps

SLSA v1.0: Supply-chain Levels for Software Artifacts Reaches Maturity

SLSA v1.0 simplifies the framework and makes it practical to adopt. Here's what changed and how to implement it.

May 1, 20236 min read
DevSecOps

How to Pin GitHub Actions to SHAs Correctly

A hands-on guide to pinning every third-party GitHub Action to a full commit SHA, automating updates with Dependabot, and avoiding the common pitfalls.

Apr 18, 20234 min read
DevSecOps

GitLab CI/CD Security Configuration

Hardening GitLab CI/CD pipelines with protected variables, secure runners, and built-in security scanning.

Apr 18, 20234 min read
DevSecOps

Software Attestation in Practice: From Theory to Implementation

Software attestation is moving from academic concept to practical requirement. Here's how to implement it in your build pipelines today.

Apr 8, 20236 min read
DevSecOps

Chaos Engineering for Supply Chain Resilience: Breaking Your Build to Make It Stronger

Chaos engineering principles applied to the software supply chain reveal hidden dependencies, single points of failure, and degradation paths that only surface under stress.

Apr 5, 20235 min read
DevSecOps (Page 28) — Supply Chain Security Blog | Safeguard