Safeguard
Topic

DevSecOps

In-depth guides and analysis on devsecops from the Safeguard engineering team.

378 articles

DevSecOps

Makefile Injection Attacks: When Build Automation Becomes a Weapon

Makefiles execute shell commands by design. When those commands incorporate untrusted input, the results are predictably dangerous.

Oct 30, 20224 min read
DevSecOps

Tekton Pipeline Security Guide

Securing Tekton CI/CD pipelines on Kubernetes with task isolation, supply chain verification, and least-privilege service accounts.

Oct 22, 20225 min read
DevSecOps

Bandit for Python Security Linting: Getting Real Value From Static Analysis

Bandit scans Python code for security issues. Here is how to configure it so it catches real bugs without burying your team in false positives.

Oct 15, 20225 min read
DevSecOps

Developer Productivity vs. Security: Finding the Real Balance

The security-productivity tension is real but often exaggerated. Most friction comes from bad tooling and poor processes, not from security itself. Here is how to fix the actual problems.

Oct 5, 20226 min read
DevSecOps

GoSec Static Analysis for Go: Practical Security Scanning

GoSec finds security issues in Go source code. Here is how to get the most out of it without fighting false positives all day.

Sep 18, 20225 min read
DevSecOps

Canary Deployments and Security Monitoring

Using canary deployment strategies to catch security regressions before they reach all users, with monitoring patterns for security-relevant metrics.

Sep 12, 20226 min read
DevSecOps

Build Artifact Integrity Verification: From Source to Deployment

If you cannot verify that your deployed artifact matches your reviewed source code, your entire code review process is security theater. Here is how to close that gap.

Aug 28, 20226 min read
DevSecOps

Securing GitHub Actions: Hardening Your CI/CD Supply Chain

GitHub Actions is a powerful CI/CD platform — and a significant attack surface. Here's how to lock it down against supply chain threats.

Aug 15, 20226 min read
DevSecOps

Docker Security Best Practices for Developers

Practical Docker security from image building to runtime, covering multi-stage builds, user namespaces, and image scanning.

Aug 8, 20224 min read
DevSecOps

Reproducible Builds: The Gold Standard for Supply Chain Integrity

If you can't rebuild a binary from source and get the same result, you can't verify that the binary matches the source. Reproducible builds close this fundamental trust gap.

Aug 1, 20228 min read
DevSecOps

Zero Trust Architecture for the Software Supply Chain

Zero trust isn't just for networks. Applying zero trust principles to your software supply chain fundamentally changes how you manage dependency risk.

Jul 28, 20226 min read
DevSecOps

VEX Explained: How Vulnerability Exploitability Exchange Cuts Through Alert Noise

VEX documents let software producers tell consumers which vulnerabilities actually affect their products. Here's how VEX works and why it matters.

Jul 20, 20227 min read
DevSecOps (Page 30) — Supply Chain Security Blog | Safeguard