Safeguard
Tag

azure-devops

Safeguard articles tagged "azure-devops" — guides, analysis, and best practices for software supply chain and application security.

11 articles

DevSecOps

Azure Pipelines Security: Stop Treating YAML as Config

An Azure Pipeline is a program with attacker-controllable input, not a config file. This guide covers macro injection, task and template pinning, environment approvals, workload identity federation, and adding scanning.

Jul 5, 20266 min read
Product

GitHub Advanced Security for Azure DevOps: general availa...

GitHub Advanced Security for Azure DevOps hit GA on June 1, 2023 at $49/committer/month. Here's what it covers, what it misses, and how Safeguard fills the gaps.

Jun 30, 20267 min read
DevSecOps

Azure DevOps pipeline security best practices

A practical guide to the six Azure DevOps pipeline settings attackers exploit most, with exact controls to fix fork triggers, secrets, and agents.

Jun 16, 20267 min read
DevSecOps

Azure DevOps Pipeline Supply Chain Hardening 2026

A 2026 hardening guide for Azure DevOps Pipelines: service connections, workload identity federation, approval gates, agent isolation, and SLSA integration.

May 6, 20265 min read
Cloud Security

Azure DevOps Personal Access Tokens in 2026: Rotation, Scoping, and Replacement

PATs remain the most common credential leak in Azure DevOps incidents. We trace the patterns that actually reduce risk and the migration paths that retire them entirely.

Apr 17, 20267 min read
Cloud Security

Azure DevOps Supply Chain Hardening Guide

A senior engineer's 2026 playbook for hardening Azure DevOps against the supply chain attacks that actually happen: extensions, service connections, and template injection.

Jan 27, 20267 min read
DevSecOps

Securing Azure DevOps pipelines against supply chain comp...

Pipelines now hold more privilege than the apps they build. Here's how Azure DevOps pipeline security actually breaks down—and how to close the gaps.

Jan 16, 20267 min read
DevSecOps

Signing container images and generating SBOMs in Azure pi...

A practical walkthrough for Azure container image signing with Notation and ACR content trust, plus generating SBOMs inside Azure DevOps pipelines.

Jan 15, 20267 min read
Frameworks

OpenSSF Scorecard v5.1: Azure DevOps Support and File-Mode Selection

Scorecard v5.1 added experimental Azure DevOps repository support and a new --file-mode flag that materially changes how repository files are fetched.

Sep 30, 20256 min read
DevSecOps

Azure DevOps YAML Pipeline Hardening

A practical, line-by-line walk through hardening Azure DevOps YAML pipelines — template injection, task version pinning, approvals, and the defaults that will bite you.

Apr 20, 20247 min read
Supply Chain Security

Azure DevOps Supply Chain Risks: Securing Your Microsoft CI/CD Pipeline

Azure DevOps pipelines present unique supply chain risks from marketplace extensions to service connections. A breakdown of the attack surface and how to harden it.

Apr 15, 20226 min read
azure-devops — Safeguard Blog