devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
Claude Code and AI Coding Agent Security Basics
Anthropic Claude Code security rests on permission gating, sandboxed execution, and human approval for risky actions — the same fundamentals any AI coding agent needs before it's allowed to run commands or edit code unattended.
Running DAST, SAST, and SCA in One Pipeline
Running sast dast sca as three separate checkpoints instead of one correlated pipeline is why most security backlogs are full of duplicate, unprioritized noise.
Kubernetes and Infrastructure as Code security
Prisma Cloud pioneered infrastructure as code security scanning for Kubernetes, but alert fatigue and weak commit-level traceability leave real gaps. Here's how to close them.
Ignoring Docker Registry Certificates: A Security Anti-Pattern
Telling Docker to ignore certificate errors fixes the immediate pull failure but quietly disables the check that confirms you're actually talking to your registry and not an attacker.
What Is the CI/CD Pipeline (and CI/CD security)?
CI/CD pipelines now hold more privileged access than any other system — yet they're the least monitored. Here's what CI/CD pipeline security really requires.
IDE-Time Feedback Loop For Supply Chain
The editor is the highest-leverage place to catch supply chain risk. A design guide for building IDE-time feedback that developers actually want.
What is DevSecOps
DevSecOps embeds security into every pipeline stage instead of a final review — here's what it means, how it works, and why Equifax and Log4Shell made it mandatory.
DevOps vs DevSecOps
DevOps ships code fast; DevSecOps ships it safely. Here's the concrete difference, backed by real breach data, costs, and pipeline mechanics.
What is a Secure SDLC (Software Development Life Cycle)
A secure SDLC embeds security into every dev phase, not just the end. Learn the model, frameworks, and pitfalls — with real breach examples.
PR-Time Policy Gates Developers Accept
The pull request is the highest-stakes moment in shift-left. A field guide to designing PR policy gates that block bad code without breaking trust.
What is Software Supply Chain Security
SolarWinds, Log4Shell, and XZ Utils show why software supply chain security now spans code, dependencies, and build pipelines alike.
What is a Software Supply Chain Attack
A software supply chain attack compromises trusted dependencies or build systems to spread malicious code downstream — here's how it works, and how to stop it.