devsecops
Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.
706 articles
How to implement software supply chain security with SLSA
A step-by-step guide to implement SLSA supply chain security: map risk, generate signed provenance, and enforce verification before deploy.
How to set up AWS CloudTrail logging
A step-by-step guide to setting up AWS CloudTrail logging, enabling it across all regions, validating log integrity, and building a solid audit logging setup.
How to set up secrets scanning in git repositories
A step-by-step guide to secrets scanning in git repositories using gitleaks and trufflehog, covering pre-commit hooks, CI enforcement, and history audits.
How to set up software composition analysis (SCA)
A practical, step-by-step guide to setting up software composition analysis: choosing a tool, setting policy, and integrating scans into CI/CD.
How to configure Falco for runtime security monitoring
A practical walkthrough to configure Falco runtime security in Kubernetes: install, customize rules, route alerts, tune noise, and verify detection end-to-end.
Supply Chain Security KPIs for Engineering Leaders
If you cannot measure your supply chain security posture, you cannot invest in it. Here are the KPIs that separate real programs from the theater.
How to set up AWS Secrets Manager with automatic rotation
A practical guide to setting up AWS Secrets Manager with automatic rotation via Lambda, including verification steps and a comparison to Parameter Store.
How to harden a Linux server
A step-by-step guide to harden Linux server security: SSH hardening, firewalls, patching, CIS benchmark alignment, and verification for production systems.
How to scan Terraform for misconfigurations with Checkov
A hands-on guide to running Checkov against Terraform, triaging findings, writing custom policies, and blocking IaC misconfigurations before they merge.
Renovate Bot Configuration Recipes for 2026
Renovate is the more powerful dependency-update bot, and its config surface is large. Here are the recipes worth knowing and the defaults worth overriding.
Best Container Security Tools in 2026
Image scanners, runtime sensors, and Kubernetes posture tools each catch different failures. Here is how the leading options compare in 2026 — and how to pick a stack without buying three overlapping scanners.
DevOps Metrics That Security Teams Should Watch Too
Deploy frequency and lead time aren't just engineering KPIs — read alongside vulnerability data, they tell security teams exactly where risk is accumulating.