devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
Security Testing Automation: What to Automate, and What Not To
Security testing automation pays off fastest on repetitive, well-defined checks — here's a clear line between what to automate and what still needs a human.
What is Container Scanning
Container scanning finds known CVEs, secrets, and misconfigurations in image layers before deployment. Here's how it works and where it falls short.
State of DevSecOps 2026: What Teams Actually Ship
A senior-engineer review of DevSecOps in 2026: what teams ship in production, which controls moved the needle, and where most programs still stall.
3 Steps to Secure Container Images
A stock base image ships 180+ unused packages. Learn the 3 steps to secure container images: minimize, prioritize by reachability, and enforce.
What is Container Registry Security
Container registries are one of the highest-leverage attack points in the software supply chain. Here's what actually secures one, with real incidents and numbers.
What is Container Runtime Security
Container runtime security monitors running containers for malicious behavior that image scanning can't catch — here's how it works and why it matters.
Reachability Analysis For Monorepos And Microservices
Reachability across a monorepo or a microservices fleet needs different engineering than reachability inside a single service. Both are tractable; both have specific failure modes.
Shift-Left, Shift-Everywhere: Program Design
Shift-left is necessary but insufficient. A program design that distributes supply chain checks across IDE, CLI, PR, build, and runtime — without redundancy.
DevSecOps and Platform Engineering: The Convergence No One Expected
Platform engineering teams are becoming the new home for security controls. Here's why that is both promising and risky.
What is Container Monitoring
Container monitoring tracks metrics, logs, and runtime behavior across ephemeral containers—here's what it covers, why it matters, and how it differs from VM monitoring.
Top 5 Docker Security Vulnerabilities
Runc escapes, exposed daemons, stale base images, privileged containers, and leaked secrets: the five Docker vulnerabilities behind most real container breaches.
Dockerfile Security Best Practices
Six question-driven answers on Dockerfile hardening: pinning, root users, multi-stage builds, secrets, and the review gates that catch supply chain risk early.