Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Infrastructure Security

Securing Infrastructure as Code in GitOps workflows

GitOps auto-applies every merged Terraform and Kubernetes change within minutes. Here's how CVE-2022-24348 and CVE-2025-30066 show why PR-time IaC checks are non-negotiable.

Jun 16, 20267 min read
DevSecOps

Azure DevOps pipeline security best practices

A practical guide to the six Azure DevOps pipeline settings attackers exploit most, with exact controls to fix fork triggers, secrets, and agents.

Jun 16, 20267 min read
Industry Analysis

Application Security Strategy for 2026: AI, DevSecOps, an...

AppSec platform consolidation is reshaping 2026 strategy. See how it compares to Veracode's approach and where Safeguard fits in a unified DevSecOps stack.

Jun 15, 20267 min read
AI Security

AI-Generated Code Security: risks and controls

AI now writes up to 40%+ of new code, and models hallucinate nonexistent packages in 5-22% of outputs. Here's why Black Duck-style SCA misses that risk, and what controls actually work.

Jun 12, 20267 min read
Buyer's Guides

Best Secrets Scanning Tools in 2026: An Honest Buyer's Guide

An honest, engineer-first guide to the best secrets scanning tools in 2026 — Gitleaks, TruffleHog, detect-secrets, GitGuardian, Kingfisher, and where a supply chain platform fits — with a clear 'best for' line for each.

Jun 9, 20268 min read
Application Security

Implementing the OWASP Top 10 Proactive Controls

A field guide to the OWASP Top 10 Proactive Controls: what each control requires, real breach examples like Equifax, and how to implement them in CI/CD.

Jun 4, 20267 min read
Application Security

What is SAST? Static Application Security Testing explained

SAST scans source code for vulnerabilities before deployment. Learn how it works, where it fits vs. DAST/SCA, its false-positive limits, and 2026 tooling.

Jun 4, 20267 min read
Industry Analysis

InnerSource Practices for Enterprise Development

InnerSource speeds up enterprise code reuse, but it also turns every internal team into an unaudited package publisher. Here's where governance breaks and how to fix it.

Jun 4, 20267 min read
AI Security

Claude Code Security: A Practical Guide for Teams Adopting AI Coding Agents

Claude Code can read your repo, run commands, and edit files — which is exactly why it needs the same security engineering as any privileged developer tool. Here's a practical hardening guide.

Jun 2, 20265 min read
Industry Analysis

What Is Shift Left Security

Shift left security moves scanning earlier in the SDLC. Here's what it means, how Sonatype approaches it, where it falls short, and how Safeguard closes the gap.

Jun 2, 20267 min read
Application Security

SAST vs DAST: static and dynamic application security tes...

SAST catches insecure code before deploy; DAST tests running apps after. We compare both against JFrog's Artifactory-first model and Safeguard's supply-chain-native approach.

Jun 1, 20268 min read
DevSecOps

DevOps vs DevSecOps: what actually changes when you add s...

DevOps vs DevSecOps isn't a mindset shift — it's specific new artifacts, gates, and ownership. Here's what changes, contrasted with JFrog's artifact-first model.

Jun 1, 20268 min read
devsecops (Page 16) — Safeguard Blog