Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Infrastructure Security

What is Configuration Drift

Configuration drift silently pulls live systems away from their secure baseline — and it's behind some of the largest cloud data exposures on record.

Mar 11, 20267 min read
Application Security

API Security Testing Checklist & Best Practices

A concrete API security testing checklist covering OWASP API Top 10 risks, BOLA, SSRF, testing cadence, SAST/DAST, and how Safeguard closes the gaps.

Mar 11, 20267 min read
DevSecOps

Developer Onboarding Supply Chain Controls Template

The first week is when developers form their habits. A template for onboarding new engineers into supply chain controls without overwhelming them.

Mar 10, 20268 min read
Best Practices

How to Rotate Leaked Secrets With Automation (2026)

The 2026 playbook for automated secret rotation: detection pipelines, credential broker patterns, blast-radius analysis, and CI integration that actually holds up in production.

Mar 10, 20268 min read
Culture

What Does a Product Security Engineer Actually Do?

Product security engineer isn't just AppSec with a different title — it's the role that owns security decisions inside the product itself, not just the pipeline that ships it.

Mar 9, 20266 min read
DevSecOps

What is CI/CD Pipeline Security

CI/CD pipeline security explained: how SolarWinds, Codecov, CircleCI, and tj-actions were breached, and concrete steps to lock down your build pipeline.

Mar 8, 20266 min read
DevSecOps

What is Continuous Security

Continuous security scans code, dependencies, containers, and infra on every commit — not once a quarter. Here's how it works and why it replaced periodic audits.

Mar 8, 20266 min read
DevSecOps

What is Shift Left Testing

Shift left testing moves security checks from a pre-release gate into commit, PR, and build time. Here's how it works, what it costs to skip, and its pitfalls.

Mar 7, 20267 min read
DevSecOps

What is Security as Code

Security as code turns policies and controls into version-controlled, pipeline-enforced rules. Here's what it looks like, why it matters, and how to adopt it.

Mar 7, 20267 min read
DevSecOps

What is CI/CD Pipeline Poisoning

CI/CD pipeline poisoning lets attackers hijack your build automation to steal secrets and plant backdoors. Here's how it works and how to stop it.

Mar 7, 20267 min read
DevSecOps

What is Artifact Signing

Artifact signing cryptographically verifies who built a software artifact and that it hasn't been tampered with — here's how it works and why it stops supply chain attacks.

Mar 7, 20266 min read
DevSecOps

What is Code Signing

Code signing proves who published software and that it wasn't tampered with — but SolarWinds, CCleaner, and 3CX show signed doesn't mean safe.

Mar 6, 20266 min read
devsecops (Page 28) — Safeguard Blog