Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

715 articles

DevSecOps

Dependabot vs. Renovate: Operational Experience

Both tools open the same kind of PR. The differences that matter at scale show up in configuration, grouping, platform support, and what happens when something breaks.

Feb 20, 20267 min read
Tools

Open Source Static Code Analysis Tools

Open source static code analysis tools like Semgrep, CodeQL, and Bandit catch real bugs -- but miss supply-chain flaws like Log4Shell entirely.

Feb 20, 20268 min read
Cloud Security

How to implement least privilege IAM policies in AWS

A practical guide to building a least privilege IAM policy AWS teams can trust, using Access Advisor data and generator tooling to cut over-permissioning fast.

Feb 20, 20268 min read
Cryptography

How to set up HashiCorp Vault for secrets management

A step-by-step guide to set up HashiCorp Vault for secrets management, covering installation, dynamic secrets, Kubernetes integration, and verification steps.

Feb 20, 20267 min read
DevSecOps

Enterprise Vulnerability Management Software: What Actually Matters

Most enterprise vulnerability management software is judged on scanner coverage, but the deployments that work are won on deduplication, prioritization, and ownership routing. Here is an evaluation framework grounded in how programs actually fail.

Feb 19, 20267 min read
Container Security

How to scan container images for vulnerabilities with Trivy

Learn how to scan container images with Trivy: install it, run your first scan, filter by severity, and gate builds automatically in CI/CD pipelines.

Feb 19, 20267 min read
DevSecOps

How to set up SAST scanning in a GitHub Actions pipeline

A step-by-step guide to setting up SAST scanning in GitHub Actions with CodeQL and Semgrep, including config, gating, and troubleshooting tips.

Feb 18, 20267 min read
Cloud Security

IaC Scanning Tools for Terraform and Beyond

IaC scanning tools catch misconfigured cloud resources before they're ever applied — the question is which ones actually understand Terraform's module graph instead of just its syntax.

Feb 18, 20265 min read
DevSecOps

CI/CD Security Tools, Organized by Pipeline Stage

A stage-by-stage map of CI/CD security tools — from pre-commit hooks to runtime protection — so you know which control belongs where instead of bolting everything onto one gate.

Feb 18, 20266 min read
DevSecOps

How to set up DAST scanning in a CI/CD pipeline

A practical guide to building a DAST scanning CI/CD pipeline with OWASP ZAP — setup, integration, rule tuning, and troubleshooting for real deployments.

Feb 18, 20267 min read
Identity Security

How to rotate SSH keys safely

A step-by-step guide to rotating SSH keys without downtime: inventory existing keys, generate new pairs, cut over safely, revoke old keys, and verify nothing was missed.

Feb 18, 20268 min read
Software Supply Chain Security

How to configure GitHub branch protection rules

A practical guide to configuring GitHub branch protection rules — required reviews, status checks, and security settings that keep your main branch safe.

Feb 18, 20268 min read
devsecops (Page 31) — Safeguard Blog