devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
What is Configuration Drift
Configuration drift silently pulls live systems away from their secure baseline — and it's behind some of the largest cloud data exposures on record.
API Security Testing Checklist & Best Practices
A concrete API security testing checklist covering OWASP API Top 10 risks, BOLA, SSRF, testing cadence, SAST/DAST, and how Safeguard closes the gaps.
Developer Onboarding Supply Chain Controls Template
The first week is when developers form their habits. A template for onboarding new engineers into supply chain controls without overwhelming them.
How to Rotate Leaked Secrets With Automation (2026)
The 2026 playbook for automated secret rotation: detection pipelines, credential broker patterns, blast-radius analysis, and CI integration that actually holds up in production.
What Does a Product Security Engineer Actually Do?
Product security engineer isn't just AppSec with a different title — it's the role that owns security decisions inside the product itself, not just the pipeline that ships it.
What is CI/CD Pipeline Security
CI/CD pipeline security explained: how SolarWinds, Codecov, CircleCI, and tj-actions were breached, and concrete steps to lock down your build pipeline.
What is Continuous Security
Continuous security scans code, dependencies, containers, and infra on every commit — not once a quarter. Here's how it works and why it replaced periodic audits.
What is Shift Left Testing
Shift left testing moves security checks from a pre-release gate into commit, PR, and build time. Here's how it works, what it costs to skip, and its pitfalls.
What is Security as Code
Security as code turns policies and controls into version-controlled, pipeline-enforced rules. Here's what it looks like, why it matters, and how to adopt it.
What is CI/CD Pipeline Poisoning
CI/CD pipeline poisoning lets attackers hijack your build automation to steal secrets and plant backdoors. Here's how it works and how to stop it.
What is Artifact Signing
Artifact signing cryptographically verifies who built a software artifact and that it hasn't been tampered with — here's how it works and why it stops supply chain attacks.
What is Code Signing
Code signing proves who published software and that it wasn't tampered with — but SolarWinds, CCleaner, and 3CX show signed doesn't mean safe.