Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Cloud Security

Why Cloud Security Outcomes Depend on Developers, Not Gatekeepers

Gartner projected 99% of cloud security failures through 2025 would be the customer's fault — the fix is guardrails developers own, not a central team reviewing after the fact.

Jul 12, 20267 min read
Container Security

The Four Most Common Docker Image Vulnerabilities (And How to Fix Them)

Sysdig found 76% of containers still run as root — one of four Docker image flaws that turn a routine build into a host compromise.

Jul 12, 20266 min read
DevSecOps

Securing Playwright E2E Tests in GitHub Actions Without Leaking Secrets

A 2025 supply-chain attack on tj-actions/changed-files hit 23,000+ repos and dumped secrets into public logs — the same CI patterns power most Playwright pipelines.

Jul 12, 20267 min read
DevSecOps

Piping security findings into your observability stack

OCSF just cleared ITU review for ratification by June 2026 — here's how to route vulnerability and scan data into Datadog or New Relic without drowning your on-call rotation.

Jul 12, 20266 min read
Cloud Security

A guide to scanning Terraform IaC for misconfigurations before deployment

tfsec folded into Trivy in February 2023. Sentinel gates plans in Terraform Enterprise. Here's how to catch misconfigured infrastructure before it's ever provisioned.

Jul 12, 20266 min read
DevSecOps

Where Security Gates Belong in Your CI/CD Pipeline

23.8 million secrets leaked on public GitHub in 2024 alone. The fix isn't more scanners — it's putting the right gate at the right stage and tuning out the noise.

Jul 11, 20267 min read
Container Security

A Practical Container Security Checklist: From Base Image to Runtime

Standard Docker Hub images ship 50-60 known CVEs on average. Here's the checklist that gets containers from base image to runtime without carrying them along.

Jul 10, 20266 min read
DevSecOps

Embedding security-by-design into DevSecOps risk management across the SDLC

NIST's SSDF turns 'shift left' into eleven concrete practices — but a framework on paper doesn't stop a bad merge. Here's how to make it enforceable.

Jul 10, 20267 min read
DevSecOps

Credential rotation playbook after npm worm exposure

A step-by-step rotation runbook for security teams exposed to the Shai-Hulud npm worm — what to revoke first, how to verify a credential is dead, and how to prevent a repeat.

Jul 9, 20266 min read
DevSecOps

Why developers stop trusting AI-generated vulnerability fixes

Trust in AI-generated code fell to 29% in 2025, yet 84% of developers keep using it anyway — the gap is a UX problem, not a model problem.

Jul 9, 20267 min read
DevSecOps

A reference architecture for automating security gates in CI/CD

29M hardcoded secrets leaked in 2025 alone. Here's a gate architecture — SAST, SCA, secrets, IaC — that catches that without adding a day to your release cycle.

Jul 9, 20267 min read
DevSecOps

The DevSecOps metrics that actually indicate program maturity

CISA's KEV directive now demands 3-day fixes for the riskiest bugs. Here's why raw finding counts are the wrong way to measure a DevSecOps program.

Jul 9, 20267 min read
devsecops (Page 2) — Safeguard Blog