DevSecOps
In-depth guides and analysis on devsecops from the Safeguard engineering team.
378 articles
3CX Attack Lessons: What Every Software Vendor Must Do Differently
The 3CX supply chain attack exposed critical gaps in how software vendors protect their build pipelines. Here are the concrete lessons.
GitLab CI Security Scanning Setup
Step-by-step guide to enabling SAST, DAST, dependency scanning, and container scanning in GitLab CI pipelines.
Ruby Brakeman Security Scanner: Rails-Aware Vulnerability Detection
Brakeman understands Rails conventions and catches security issues that generic scanners miss. Here is how to use it effectively.
Git Credential Security for Organizations: Locking Down Source Access
Git credentials are the keys to your source code. Here is how organizations should manage them to prevent unauthorized access and credential theft.
Spinnaker Deployment Security
Securing Spinnaker's multi-cloud deployment pipelines with authentication, authorization, pipeline constraints, and artifact verification.
gosec: Static Analysis for Go Security
gosec is the standard security linter for Go. Here is what it catches, what it misses, and how to integrate it effectively into your workflow.
SBOM Sharing and Distribution Best Practices
Generating SBOMs is only half the battle. Sharing them securely and effectively with stakeholders requires careful planning and tooling.
Blue-Green Deployment Security
Security considerations for blue-green deployment strategies including environment parity, rollback integrity, and data migration safety.
PHPStan Security Analysis: Static Typing as a Security Tool for PHP
PHPStan brings static analysis to PHP. Its type checking catches entire classes of bugs that lead to security vulnerabilities in PHP applications.
Release Management Security Checklist
A pre-release security checklist that covers dependency verification, vulnerability scanning, SBOM generation, and artifact integrity for every production release.
GitHub Repository Security Settings Guide
Configure GitHub repository security settings for branch protection, secret scanning, dependency alerts, and code scanning.
Jenkins Pipeline Security Hardening
How to lock down Jenkins pipelines against credential theft, script injection, and unauthorized access with practical hardening steps.