Safeguard
Topic

DevSecOps

In-depth guides and analysis on devsecops from the Safeguard engineering team.

378 articles

DevSecOps

Developer survey: security friction in the SDLC

A new Safeguard survey of 540 developers finds most have shipped code with known security warnings, driven by alert fatigue and manual SBOM work.

Apr 23, 20267 min read
DevSecOps

Zarf Air-Gap Deployment: A 2026 Walkthrough

How Zarf 0.45 packages and deploys Kubernetes workloads into disconnected environments, where the design works well, and the operational realities to plan for.

Apr 22, 20266 min read
DevSecOps

Drone CI Supply Chain Hardening 2026

A 2026 hardening guide for Drone CI: plugin trust, runner isolation, signed pipelines, secret scoping, and integrating Drone with SLSA and sigstore.

Apr 19, 20266 min read
DevSecOps

AWS CodePipeline Supply Chain Defence 2026

AWS CodePipeline is where most AWS-native supply chain attacks land in 2026. This is the defence blueprint that actually works in production accounts.

Apr 13, 20267 min read
DevSecOps

Shift-Left Without Friction: Dev Experience 2026

Shift-left only works when developers stop noticing it. A 2026 playbook for moving supply chain checks earlier without burning the people who ship code.

Apr 12, 20268 min read
DevSecOps

Developer infrastructure posture: integrating ASPM early

Prisma Cloud built ASPM outward from the cloud. Real breaches like tj-actions and SolarWinds start earlier, in developer infrastructure that needs its own continuous posture model.

Apr 10, 20267 min read
DevSecOps

Azure DevOps Pipeline Supply Chain Controls

Azure DevOps pipelines hold more production deploy power than any other system in many enterprises. The 2026 supply chain controls are not optional anymore.

Apr 9, 20267 min read
DevSecOps

Kubernetes and Infrastructure as Code security

Prisma Cloud pioneered infrastructure as code security scanning for Kubernetes, but alert fatigue and weak commit-level traceability leave real gaps. Here's how to close them.

Apr 9, 20267 min read
DevSecOps

What Is the CI/CD Pipeline (and CI/CD security)?

CI/CD pipelines now hold more privileged access than any other system — yet they're the least monitored. Here's what CI/CD pipeline security really requires.

Apr 9, 20267 min read
DevSecOps

IDE-Time Feedback Loop For Supply Chain

The editor is the highest-leverage place to catch supply chain risk. A design guide for building IDE-time feedback that developers actually want.

Apr 8, 20267 min read
DevSecOps

CircleCI Orb Trust and Pinning in 2026

How to manage CircleCI orb trust in 2026: certified versus uncertified orbs, version pinning, contexts, OIDC, and the controls that hold under real attacker pressure.

Apr 8, 20266 min read
DevSecOps

What is DevSecOps

DevSecOps embeds security into every pipeline stage instead of a final review — here's what it means, how it works, and why Equifax and Log4Shell made it mandatory.

Apr 6, 20264 min read
DevSecOps (Page 9) — Supply Chain Security Blog | Safeguard