Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

AppSec

Application Security Architecture: Design Patterns That Hold Up

Good application security architecture is a small set of repeatable patterns — trust boundaries, defense in depth, least privilege — applied consistently, not a document nobody reads.

May 19, 20266 min read
DevSecOps

How to implement DevSecOps in 4 steps

A concrete, 4-step playbook for implementing DevSecOps — pipeline gating, SBOM generation, reachability-based triage, and auto-fix PRs.

May 19, 20267 min read
DevSecOps

The 4 best DevSecOps tools for a secure DevOps workflow

The 4 DevSecOps tool categories a secure pipeline needs — SCA, SAST, container/IaC scanning, secrets scanning — with real incidents and fixes.

May 18, 20267 min read
DevSecOps

Building a security-conscious CI/CD pipeline

CI/CD pipelines are now the top supply chain target. Here's how to build one with real controls—secrets, scoping, SBOMs, and provenance.

May 18, 20266 min read
DevSecOps

8 tips for securing your CI/CD pipeline

Real incidents like tj-actions and xz-utils show how CI/CD pipelines get compromised. Eight concrete, actionable tips to lock yours down.

May 18, 20266 min read
Application Security

AI Security Code Review for Pull Requests

How AI code review security works in pull requests, where Endor Labs stops short, and what closes the gap between diff review and real supply chain risk.

May 18, 20269 min read
DevSecOps

Building a secure CI/CD pipeline with GitHub Actions

The tj-actions breach exposed secrets in 23,000 repos. Here's how pwn requests, unpinned tags, and self-hosted runners put your CI/CD at risk.

May 18, 20267 min read
Industry Analysis

Exploring vulnerabilities in GitHub Actions workflows

From the tj-actions/changed-files hijack to PyTorch's self-hosted runner breach, real incidents show how GitHub Actions workflows keep getting exploited.

May 17, 20266 min read
DevSecOps

Securing self-hosted GitHub Actions runners

Self-hosted GitHub Actions runners trade GitHub's ephemeral isolation for persistent infrastructure access — here's how real incidents like CVE-2025-30066 exploited that gap.

May 17, 20267 min read
Software Supply Chain Security

Package Firewall: Blocking Malicious Dependencies at Inst...

Malicious npm and PyPI packages are published daily. See why a package firewall that blocks at install time stops attacks that post-hoc scanners catch too late.

May 17, 20268 min read
Application Security

Secrets management: tools and best practices

Secrets leak because of workflow gaps, not carelessness. Here's how vaults, scanners, and rotation policies actually stop credential exposure.

May 16, 20267 min read
Application Security

Finding and fixing exposed hardcoded secrets in GitHub projects

Hardcoded secrets leak into GitHub every day and get exploited within minutes. Here's how to find, fix, and prevent exposed credentials at scale.

May 16, 20266 min read
devsecops (Page 18) — Safeguard Blog