devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
JFrog Artifactory alternatives compared: what to look for...
Comparing JFrog Artifactory alternatives? Here's how JFrog's binary repository approach differs from Safeguard's supply chain security platform, and what to check before choosing.
Agentic supply chain security: governing autonomous AI co...
AI coding agents now open PRs, merge code, and touch secrets on their own. Here's why JFrog-style artifact scanning can't govern them, and what can.
Policy-as-code for CI/CD: enforcing security gates withou...
How policy-as-code turns security gates from build-breaking friction into fast, git-versioned CI/CD checks — and where Safeguard's approach differs from JFrog's Xray and Curation model.
10 npm security best practices
Real npm supply-chain incidents from event-stream to the 2025 chalk/debug hack, and 10 concrete practices to stop install-time attacks, typosquatting, and token theft.
What is a Software Bill of Materials (SBOM) and why it ma...
A software bill of materials (SBOM) is a live inventory of every dependency in your software. Here's why it matters, how JFrog handles it, and how Safeguard does better.
Best DevSecOps tools to secure the SDLC
Comparing the best DevSecOps tools to secure the SDLC: Mend.io's SCA-first platform vs Safeguard's reachability-driven, supply-chain-wide approach.
Top SAST solutions compared for 2026
Comparing Safeguard and Mend.io on SAST scope, CI/CD fit, and compliance coverage—what's verifiable, what to test yourself, and how a unified platform changes the tradeoffs.
Top container security tools to evaluate
Comparing Safeguard and Mend.io on the dimensions that actually matter for container security: scanning engine transparency, air-gapped support, registry coverage, and product origin.
Megalodon: 5,561 GitHub Repos Backdoored via Injected Actions Workflows (May 2026)
In a six-hour window on May 18, 2026, an automated campaign pushed malicious GitHub Actions workflows into 5,561 repositories using credentials harvested by infostealers. We break down the attack chain, the workflow_dispatch dormancy trick, and CI detection.
10 GitHub security best practices
10 concrete GitHub security controls—2FA, push protection, branch rules, pinned Actions, SBOM—with real CVEs and dates security teams can act on today.
Cheat sheet: 10 Bitbucket security best practices
A concrete, numbers-first cheat sheet covering the 10 Bitbucket security settings that stop misconfigurations from becoming supply chain breaches.
Mutable Tags Strike Again: actions-cool GitHub Action Tags Redirected to Imposter Commits (May 2026)
In May 2026, every tag on actions-cool/issues-helper and 15 tags on maintain-one-comment were quietly moved to point at imposter commits that stole CI/CD credentials from runner memory. A look at the mutable-tag attack class and how to defeat it.