devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
Attack Surface Management (ASM): best practices guide
A practical attack surface management best practices guide for software supply chains, covering SBOMs, base image hardening, CI/CD exposure, and a 90-day rollout plan.
Managing risk in the software supply chain
Chainguard hardens base images, but that's one slice of supply chain risk. Here's what SolarWinds, Log4Shell, and XZ Utils reveal about the gaps — and how to close them.
Security automation: stop chasing vulnerabilities, start ...
Chasing CVEs doesn't scale — 40,000+ vulnerabilities were logged in 2024 alone. Here's why prevention-first automation beats patch-cycle chasing, and how it differs from Chainguard's approach.
Integrating Security Into the DevSecOps Toolchain
Integrating security into the DevSecOps toolchain works when scanning is wired into the tools engineers already use, not bolted on as a separate gate at the end.
Types of Open Source Licenses
A breakdown of permissive, copyleft, and source-available license types—MIT, GPL, AGPL, SSPL—and why misclassified licenses create hidden supply chain risk.
How DevOps Teams Actually Use AI Today
How can a DevOps team take advantage of artificial intelligence without adding risk? Mostly by pointing it at toil — log triage, test generation, and incident summarization — not by handing it the keys to production.
Vulnerability management for the modern engineering team
A vulnerability management program for engineering teams needs more than zero-CVE base images. Here's how Safeguard closes the gaps Chainguard leaves open.
CLI Tool Design For Developer Security Checks
A security CLI lives or dies on the experience of typing it. A design guide for building security tooling that respects the developer's terminal.
SBOM automation from creation to scanning & analysis
SBOM generation alone isn't enough. See how continuous SBOM automation — from creation to scanning and analysis — closes the gaps left by point-in-time tools.
Tackling SBOM sprawl across an organization
SBOM generation has outpaced SBOM management. Here's why sprawl happens, what it costs in incident response and audits, and how to consolidate it for good.
SBOM GitHub Action / dropping SBOM tooling into CI workflows
Adding an SBOM GitHub Action like Anchore's is easy; making the output useful isn't. Here's what breaks in real CI pipelines and how to fix it.
What is Container Security? (definition, lifecycle, threats)
Container security spans build, ship, and runtime: scanning, SBOMs, Kubernetes hardening, and runtime detection. How it works, and where Anchore leaves gaps.