DevSecOps
In-depth guides and analysis on devsecops from the Safeguard engineering team.
378 articles
GitHub Actions Security Best Practices in 2022
A practical guide to hardening your GitHub Actions workflows against supply chain attacks, secret leaks, and privilege escalation.
The GitHub Codespaces Security Model, Examined
GitHub Codespaces has gone GA and is about to become the dev environment standard. Here is a close read of its security model — including what it does not solve.
Environment Variable Injection in CI/CD: The Invisible Attack Surface
CI/CD pipelines trust environment variables implicitly. Injecting or modifying them can hijack builds, steal secrets, and compromise deployments.
ESLint Security Rules Configuration: A Practical Guide
ESLint can catch security issues before they reach production. Here is how to configure security-focused rules that actually help without drowning you in noise.
Flux CD GitOps Security Practices
Hardening Flux CD deployments with multi-tenancy, RBAC, secret encryption, and image verification for secure GitOps workflows.
Software Provenance Tracking: From Source to Production
Software provenance answers the question: where did this code come from, who built it, and can I trust it? In 2022, provenance tracking moved from academic concept to practical necessity.
Feature Flags Security Implications
Understanding the security risks of feature flag systems and how to prevent unauthorized flag manipulation, data exposure, and configuration drift.
CI/CD Pipeline Audit Logging: What to Capture and Why
Your CI/CD pipeline is a high-value target. Without proper audit logging, you will not know when it has been compromised until it is too late.
Ephemeral Environments for Security Testing: A Modern Approach
Ephemeral environments — short-lived, on-demand copies of your application stack — are transforming how teams approach security testing. No more fighting over shared staging environments.
Temp File Race Conditions in Build Systems: The TOCTOU Problem
Build systems create and process temporary files constantly. Race conditions in temp file handling can be exploited to inject malicious content into builds.
SBOM Automation in CI/CD Pipelines: A Hands-On Guide
Generating SBOMs manually is unsustainable. Here's how to automate SBOM creation, validation, and distribution as part of your existing CI/CD pipeline with practical examples.
Software Supply Chain Security for Startups: A Practical Guide
You don't need a massive security team to get supply chain security right. Here's a pragmatic, prioritized approach for startups that balances risk reduction with engineering velocity.