Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Software Supply Chain Security

SBOM as a supply chain defense strategy

SBOMs turn "are we affected?" from a weeks-long fire drill into a query. Here's how they defend against real supply chain attacks like Log4Shell and XZ Utils.

Jun 29, 20267 min read
Container Security

10 Docker image security best practices

Ten concrete Docker image security practices — minimal base images, secret handling, reachability-based scanning, non-root runtimes, and SBOMs — with real CVEs and data.

Jun 28, 202610 min read
Buyer's Guides

Unified AppSec platform vs. stitched-together point solut...

Checkmarx built its AppSec suite through years of acquisitions. Safeguard built one risk graph. Here's how to verify which model actually reduces triage work.

Jun 27, 20268 min read
Container Security

Scanning container images in CI/CD pipelines

Where to put container image scanning in your CI/CD pipeline, what it actually catches, and how to stop CVE floods from blocking every build.

Jun 27, 20267 min read
Container Security

Kubernetes RBAC best practices

RBAC drift and over-broad bindings are the top cause of Kubernetes lateral movement. Six concrete, question-first practices to lock down access before it's exploited.

Jun 26, 20267 min read
Application Security

Secrets detection and remediation best practices

Leaked API keys still cause breaches within minutes. Here's how secrets detection and remediation should work in practice, and where scanner-only tools fall short.

Jun 26, 20268 min read
Container Security

Securing Kubernetes Secrets management

Base64 isn't encryption. Here's how Kubernetes Secrets actually get exposed, and the encryption, RBAC, and rotation controls that fix it.

Jun 25, 20266 min read
AI Security

Securing AI coding assistants (Claude Code, Copilot, etc.)

AI coding assistants like Claude Code and Copilot introduce new supply chain risks. Here's what's actually going wrong and how to secure your pipeline.

Jun 24, 20267 min read
Cloud Security

Code-to-cloud security (CNAPP-style end-to-end protection)

Checkmarx scans code and pipelines well, but stops short of live cloud context. Here is what code-to-cloud security actually requires, with real breach examples.

Jun 24, 20268 min read
Container Security

Detecting vulnerabilities in multi-stage Docker builds

Multi-stage Docker builds hide vulnerabilities, leaked secrets, and untracked dependencies in discarded layers. Here's what final-image scans miss and how to catch it.

Jun 24, 20266 min read
DevSecOps

DevSecOps and CI/CD pipeline security

CI/CD pipelines are now a prime attack surface. Here's what Checkmarx's SAST-first approach misses, and how Safeguard secures the full pipeline.

Jun 24, 20267 min read
Container Security

Keeping Docker secrets secure without Kubernetes

Docker ships with tmpfs-backed Swarm secrets, BuildKit secret mounts, and Compose file secrets — here's how to use them without Kubernetes.

Jun 24, 20268 min read
devsecops (Page 14) — Safeguard Blog