Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Buyer's Guides

JFrog Artifactory alternatives compared: what to look for...

Comparing JFrog Artifactory alternatives? Here's how JFrog's binary repository approach differs from Safeguard's supply chain security platform, and what to check before choosing.

May 31, 20268 min read
AI Security

Agentic supply chain security: governing autonomous AI co...

AI coding agents now open PRs, merge code, and touch secrets on their own. Here's why JFrog-style artifact scanning can't govern them, and what can.

May 30, 20267 min read
DevSecOps

Policy-as-code for CI/CD: enforcing security gates withou...

How policy-as-code turns security gates from build-breaking friction into fast, git-versioned CI/CD checks — and where Safeguard's approach differs from JFrog's Xray and Curation model.

May 28, 20268 min read
Open Source Security

10 npm security best practices

Real npm supply-chain incidents from event-stream to the 2025 chalk/debug hack, and 10 concrete practices to stop install-time attacks, typosquatting, and token theft.

May 28, 20267 min read
Software Supply Chain Security

What is a Software Bill of Materials (SBOM) and why it ma...

A software bill of materials (SBOM) is a live inventory of every dependency in your software. Here's why it matters, how JFrog handles it, and how Safeguard does better.

May 28, 20267 min read
DevSecOps

Best DevSecOps tools to secure the SDLC

Comparing the best DevSecOps tools to secure the SDLC: Mend.io's SCA-first platform vs Safeguard's reachability-driven, supply-chain-wide approach.

May 26, 20268 min read
Application Security

Top SAST solutions compared for 2026

Comparing Safeguard and Mend.io on SAST scope, CI/CD fit, and compliance coverage—what's verifiable, what to test yourself, and how a unified platform changes the tradeoffs.

May 26, 20268 min read
Container Security

Top container security tools to evaluate

Comparing Safeguard and Mend.io on the dimensions that actually matter for container security: scanning engine transparency, air-gapped support, registry coverage, and product origin.

May 25, 20268 min read
Supply Chain Attacks

Megalodon: 5,561 GitHub Repos Backdoored via Injected Actions Workflows (May 2026)

In a six-hour window on May 18, 2026, an automated campaign pushed malicious GitHub Actions workflows into 5,561 repositories using credentials harvested by infostealers. We break down the attack chain, the workflow_dispatch dormancy trick, and CI detection.

May 23, 202612 min read
Application Security

10 GitHub security best practices

10 concrete GitHub security controls—2FA, push protection, branch rules, pinned Actions, SBOM—with real CVEs and dates security teams can act on today.

May 23, 20267 min read
Application Security

Cheat sheet: 10 Bitbucket security best practices

A concrete, numbers-first cheat sheet covering the 10 Bitbucket security settings that stop misconfigurations from becoming supply chain breaches.

May 23, 20266 min read
DevSecOps

Mutable Tags Strike Again: actions-cool GitHub Action Tags Redirected to Imposter Commits (May 2026)

In May 2026, every tag on actions-cool/issues-helper and 15 tags on maintain-one-comment were quietly moved to point at imposter commits that stole CI/CD credentials from runner memory. A look at the mutable-tag attack class and how to defeat it.

May 21, 202610 min read
devsecops (Page 17) — Safeguard Blog