devops
Safeguard articles tagged "devops" — guides, analysis, and best practices for software supply chain and application security.
12 articles
Least-privilege scoping for AI agents with write access to code, CI, and cloud
OWASP's 2025 LLM Top 10 names Excessive Agency a top risk; a single over-scoped CI token already dumped secrets from 23,000+ repos in 2025.
Software Supply Chain Security for DevOps Teams
DevOps teams own the pipeline, and the pipeline is now the primary target. Here is how to secure build, artifact, and deploy without turning delivery speed into collateral damage.
Database Platform Migration: Supply Chain
Database migrations touch every part of the software supply chain. This guide covers how to keep schemas, secrets, and data lineage secure during a platform change.
External Secrets Operator: A Kubernetes Guide
A senior engineer's walkthrough of External Secrets Operator, covering architecture, SecretStore design, rotation, and the patterns that hold up in production.
Penetration Testing CI/CD Pipelines
Your CI/CD pipeline is a high-value target. Here's how to pen test build systems, artifact repositories, and deployment workflows for supply chain vulnerabilities.
What Is a Docker Container? A Practical Explanation
A Docker container is a lightweight, isolated unit that packages an app with everything it needs to run — here's what that actually means under the hood and why it matters for security.
SBOMs for Microservices Architecture: Managing Complexity at Scale
When your application is 50 services with 50 dependency trees, SBOM management stops being simple. Here's how to handle it.
SBOM API Integration Patterns for Development Teams
SBOMs locked in files are static inventory. SBOMs exposed through APIs become live infrastructure. Here's how to build the integration layer.
SBOM Storage and Distribution Infrastructure
Generating SBOMs is solved. Storing, versioning, and distributing them at scale is the next engineering challenge.
Azure DevOps Pipeline Security Hardening: A Practical Guide
How to lock down your Azure DevOps pipelines against supply chain attacks, credential leaks, and unauthorized deployments.
Generating SBOMs from Container Images: A Practical Guide
Container images are opaque by default. Here's how to crack them open with SBOMs to see exactly what's running in production.
Grafana CVE-2021-43798: Directory Traversal in Everyone's Favorite Dashboard Tool
CVE-2021-43798 allowed unauthenticated directory traversal in Grafana, exposing configuration files and credentials. Exploitation was trivial and widespread.