Safeguard
Tag

devops

Safeguard articles tagged "devops" — guides, analysis, and best practices for software supply chain and application security.

12 articles

AI Security

Least-privilege scoping for AI agents with write access to code, CI, and cloud

OWASP's 2025 LLM Top 10 names Excessive Agency a top risk; a single over-scoped CI token already dumped secrets from 23,000+ repos in 2025.

Jul 10, 20268 min read
Solutions

Software Supply Chain Security for DevOps Teams

DevOps teams own the pipeline, and the pipeline is now the primary target. Here is how to secure build, artifact, and deploy without turning delivery speed into collateral damage.

Jul 3, 20266 min read
Best Practices

Database Platform Migration: Supply Chain

Database migrations touch every part of the software supply chain. This guide covers how to keep schemas, secrets, and data lineage secure during a platform change.

Sep 18, 20247 min read
Container Security

External Secrets Operator: A Kubernetes Guide

A senior engineer's walkthrough of External Secrets Operator, covering architecture, SecretStore design, rotation, and the patterns that hold up in production.

Jul 18, 20247 min read
Offensive Security

Penetration Testing CI/CD Pipelines

Your CI/CD pipeline is a high-value target. Here's how to pen test build systems, artifact repositories, and deployment workflows for supply chain vulnerabilities.

Apr 18, 20246 min read
Containers

What Is a Docker Container? A Practical Explanation

A Docker container is a lightweight, isolated unit that packages an app with everything it needs to run — here's what that actually means under the hood and why it matters for security.

Mar 14, 20247 min read
SBOM

SBOMs for Microservices Architecture: Managing Complexity at Scale

When your application is 50 services with 50 dependency trees, SBOM management stops being simple. Here's how to handle it.

Feb 20, 20246 min read
SBOM

SBOM API Integration Patterns for Development Teams

SBOMs locked in files are static inventory. SBOMs exposed through APIs become live infrastructure. Here's how to build the integration layer.

Jan 25, 20245 min read
SBOM

SBOM Storage and Distribution Infrastructure

Generating SBOMs is solved. Storing, versioning, and distributing them at scale is the next engineering challenge.

Sep 25, 20236 min read
Cloud Security

Azure DevOps Pipeline Security Hardening: A Practical Guide

How to lock down your Azure DevOps pipelines against supply chain attacks, credential leaks, and unauthorized deployments.

Oct 15, 20228 min read
SBOM

Generating SBOMs from Container Images: A Practical Guide

Container images are opaque by default. Here's how to crack them open with SBOMs to see exactly what's running in production.

Oct 8, 20227 min read
Vulnerability Analysis

Grafana CVE-2021-43798: Directory Traversal in Everyone's Favorite Dashboard Tool

CVE-2021-43798 allowed unauthenticated directory traversal in Grafana, exposing configuration files and credentials. Exploitation was trivial and widespread.

Dec 5, 20216 min read
devops — Safeguard Blog