Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

DevSecOps

Reducing developer friction in AppSec adoption

Why traditional SAST tooling like Checkmarx creates developer friction, what it costs engineering teams, and how to build developer experience application security that ships.

Jun 24, 20268 min read
Software Supply Chain Security

Repository health and source-code manager (SCM) risk

Repository health—branch protection, stale permissions, leaked secrets, OAuth grants—is a supply chain risk AppSec scanners like Checkmarx can't see. Here's why it matters.

Jun 23, 20268 min read
Application Security

What is Static Application Security Testing (SAST)

SAST scans source code for flaws before deployment. Learn how it works, where Checkmarx-style tools fall short on supply chain risk, and how Safeguard closes the gap.

Jun 23, 20268 min read
Container Security

OCI image vulnerability scanning explained

A concrete breakdown of how OCI image vulnerability scanning works, where scanners miss real risk, and how to build a scan workflow that doesn't drown teams in noise.

Jun 22, 20267 min read
Application Security

Static Analysis Tools compared

Veracode built its name on SAST, DAST, and SCA for application code. Safeguard focuses static analysis on the software supply chain. Here's how the two actually differ.

Jun 22, 20267 min read
Container Security

Reducing CVEs in container base images

Base images inherit hundreds of OS-level CVEs your app never touches. Here's how reachability analysis and minimal bases cut real risk, not just counts.

Jun 21, 20267 min read
Application Security

Software Development Lifecycle (SDLC) security

A secure SDLC needs more than periodic scans. See where Veracode's upload-and-scan model leaves supply chain gaps, and how continuous, provenance-aware security closes them.

Jun 20, 20268 min read
Infrastructure Security

Scanning Terraform code for security misconfigurations

Public S3 buckets, open security groups, and wildcard IAM policies are the recurring Terraform mistakes behind most cloud breaches — here's how to catch them before apply.

Jun 19, 20268 min read
Infrastructure Security

Policy as code for cloud security guardrails

Policy as code turns cloud security guardrails into version-controlled, testable rules enforced automatically across IaC, Kubernetes, and CI/CD pipelines.

Jun 18, 20266 min read
Infrastructure Security

Pulumi security scanning best practices

Pulumi programs run as real code with live cloud credentials -- here's how to secure state files, dependencies, CrossGuard policy, and CI/CD.

Jun 17, 20267 min read
Infrastructure Security

Ansible playbook security scanning

Hardcoded secrets, unrestricted become, and injection-prone shell tasks turn Ansible playbooks into a single point of compromise across every host they touch.

Jun 17, 20267 min read
Infrastructure Security

Cloud Security Posture Management (CSPM) explained

CSPM explained: what it checks, why Gartner created the category in 2019, how it differs from CWPP/CNAPP, and why raw findings alone don't stop breaches.

Jun 17, 20267 min read
devsecops (Page 15) — Safeguard Blog