devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
Securing Infrastructure as Code in GitOps workflows
GitOps auto-applies every merged Terraform and Kubernetes change within minutes. Here's how CVE-2022-24348 and CVE-2025-30066 show why PR-time IaC checks are non-negotiable.
Azure DevOps pipeline security best practices
A practical guide to the six Azure DevOps pipeline settings attackers exploit most, with exact controls to fix fork triggers, secrets, and agents.
Application Security Strategy for 2026: AI, DevSecOps, an...
AppSec platform consolidation is reshaping 2026 strategy. See how it compares to Veracode's approach and where Safeguard fits in a unified DevSecOps stack.
AI-Generated Code Security: risks and controls
AI now writes up to 40%+ of new code, and models hallucinate nonexistent packages in 5-22% of outputs. Here's why Black Duck-style SCA misses that risk, and what controls actually work.
Best Secrets Scanning Tools in 2026: An Honest Buyer's Guide
An honest, engineer-first guide to the best secrets scanning tools in 2026 — Gitleaks, TruffleHog, detect-secrets, GitGuardian, Kingfisher, and where a supply chain platform fits — with a clear 'best for' line for each.
Implementing the OWASP Top 10 Proactive Controls
A field guide to the OWASP Top 10 Proactive Controls: what each control requires, real breach examples like Equifax, and how to implement them in CI/CD.
What is SAST? Static Application Security Testing explained
SAST scans source code for vulnerabilities before deployment. Learn how it works, where it fits vs. DAST/SCA, its false-positive limits, and 2026 tooling.
InnerSource Practices for Enterprise Development
InnerSource speeds up enterprise code reuse, but it also turns every internal team into an unaudited package publisher. Here's where governance breaks and how to fix it.
Claude Code Security: A Practical Guide for Teams Adopting AI Coding Agents
Claude Code can read your repo, run commands, and edit files — which is exactly why it needs the same security engineering as any privileged developer tool. Here's a practical hardening guide.
What Is Shift Left Security
Shift left security moves scanning earlier in the SDLC. Here's what it means, how Sonatype approaches it, where it falls short, and how Safeguard closes the gap.
SAST vs DAST: static and dynamic application security tes...
SAST catches insecure code before deploy; DAST tests running apps after. We compare both against JFrog's Artifactory-first model and Safeguard's supply-chain-native approach.
DevOps vs DevSecOps: what actually changes when you add s...
DevOps vs DevSecOps isn't a mindset shift — it's specific new artifacts, gates, and ownership. Here's what changes, contrasted with JFrog's artifact-first model.