devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
715 articles
Dependabot vs. Renovate: Operational Experience
Both tools open the same kind of PR. The differences that matter at scale show up in configuration, grouping, platform support, and what happens when something breaks.
Open Source Static Code Analysis Tools
Open source static code analysis tools like Semgrep, CodeQL, and Bandit catch real bugs -- but miss supply-chain flaws like Log4Shell entirely.
How to implement least privilege IAM policies in AWS
A practical guide to building a least privilege IAM policy AWS teams can trust, using Access Advisor data and generator tooling to cut over-permissioning fast.
How to set up HashiCorp Vault for secrets management
A step-by-step guide to set up HashiCorp Vault for secrets management, covering installation, dynamic secrets, Kubernetes integration, and verification steps.
Enterprise Vulnerability Management Software: What Actually Matters
Most enterprise vulnerability management software is judged on scanner coverage, but the deployments that work are won on deduplication, prioritization, and ownership routing. Here is an evaluation framework grounded in how programs actually fail.
How to scan container images for vulnerabilities with Trivy
Learn how to scan container images with Trivy: install it, run your first scan, filter by severity, and gate builds automatically in CI/CD pipelines.
How to set up SAST scanning in a GitHub Actions pipeline
A step-by-step guide to setting up SAST scanning in GitHub Actions with CodeQL and Semgrep, including config, gating, and troubleshooting tips.
IaC Scanning Tools for Terraform and Beyond
IaC scanning tools catch misconfigured cloud resources before they're ever applied — the question is which ones actually understand Terraform's module graph instead of just its syntax.
CI/CD Security Tools, Organized by Pipeline Stage
A stage-by-stage map of CI/CD security tools — from pre-commit hooks to runtime protection — so you know which control belongs where instead of bolting everything onto one gate.
How to set up DAST scanning in a CI/CD pipeline
A practical guide to building a DAST scanning CI/CD pipeline with OWASP ZAP — setup, integration, rule tuning, and troubleshooting for real deployments.
How to rotate SSH keys safely
A step-by-step guide to rotating SSH keys without downtime: inventory existing keys, generate new pairs, cut over safely, revoke old keys, and verify nothing was missed.
How to configure GitHub branch protection rules
A practical guide to configuring GitHub branch protection rules — required reviews, status checks, and security settings that keep your main branch safe.