Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

AI Security

Claude Code and AI Coding Agent Security Basics

Anthropic Claude Code security rests on permission gating, sandboxed execution, and human approval for risky actions — the same fundamentals any AI coding agent needs before it's allowed to run commands or edit code unattended.

Apr 9, 20265 min read
AppSec

Running DAST, SAST, and SCA in One Pipeline

Running sast dast sca as three separate checkpoints instead of one correlated pipeline is why most security backlogs are full of duplicate, unprioritized noise.

Apr 9, 20266 min read
DevSecOps

Kubernetes and Infrastructure as Code security

Prisma Cloud pioneered infrastructure as code security scanning for Kubernetes, but alert fatigue and weak commit-level traceability leave real gaps. Here's how to close them.

Apr 9, 20267 min read
Container Security

Ignoring Docker Registry Certificates: A Security Anti-Pattern

Telling Docker to ignore certificate errors fixes the immediate pull failure but quietly disables the check that confirms you're actually talking to your registry and not an attacker.

Apr 9, 20266 min read
DevSecOps

What Is the CI/CD Pipeline (and CI/CD security)?

CI/CD pipelines now hold more privileged access than any other system — yet they're the least monitored. Here's what CI/CD pipeline security really requires.

Apr 9, 20267 min read
DevSecOps

IDE-Time Feedback Loop For Supply Chain

The editor is the highest-leverage place to catch supply chain risk. A design guide for building IDE-time feedback that developers actually want.

Apr 8, 20267 min read
DevSecOps

What is DevSecOps

DevSecOps embeds security into every pipeline stage instead of a final review — here's what it means, how it works, and why Equifax and Log4Shell made it mandatory.

Apr 6, 20264 min read
DevSecOps

DevOps vs DevSecOps

DevOps ships code fast; DevSecOps ships it safely. Here's the concrete difference, backed by real breach data, costs, and pipeline mechanics.

Apr 6, 20267 min read
DevSecOps

What is a Secure SDLC (Software Development Life Cycle)

A secure SDLC embeds security into every dev phase, not just the end. Learn the model, frameworks, and pitfalls — with real breach examples.

Apr 6, 20267 min read
DevSecOps

PR-Time Policy Gates Developers Accept

The pull request is the highest-stakes moment in shift-left. A field guide to designing PR policy gates that block bad code without breaking trust.

Apr 4, 20267 min read
Software Supply Chain Security

What is Software Supply Chain Security

SolarWinds, Log4Shell, and XZ Utils show why software supply chain security now spans code, dependencies, and build pipelines alike.

Apr 4, 20267 min read
Software Supply Chain Security

What is a Software Supply Chain Attack

A software supply chain attack compromises trusted dependencies or build systems to spread malicious code downstream — here's how it works, and how to stop it.

Apr 4, 20267 min read
devsecops (Page 23) — Safeguard Blog