Safeguard
Tag

devsecops

Safeguard articles tagged "devsecops" — guides, analysis, and best practices for software supply chain and application security.

706 articles

Cloud Security

Infrastructure as Code Security Tools, Compared

Infrastructure as code security tools catch misconfigured cloud resources before they're ever provisioned — here's how the main options differ and where each one fits.

Feb 11, 20265 min read
Vulnerability Management

How to set up a vulnerability management program

A step-by-step guide to setting up a vulnerability management program: scanning schedules, risk-based triage, patch management, and metrics that hold up in an audit.

Feb 11, 20268 min read
DevSecOps

How to set up a CI/CD pipeline security gate

A practical, step-by-step guide to building a CI/CD pipeline security gate that scans, enforces vulnerability thresholds, and blocks risky builds without slowing developers down.

Feb 11, 20268 min read
Best Practices

FAQ: Building an AppSec Program From Scratch

How to stand up an application security program from zero in 2026 — headcount, tooling, first 90 days, metrics, and the traps that waste the first year.

Feb 10, 20267 min read
DevSecOps

How to secure Jenkins pipelines

A step-by-step guide to secure Jenkins pipelines: hardening the controller, fixing credentials management, RBAC setup, agent isolation, and supply chain verification.

Feb 10, 20268 min read
DevSecOps

Reproducible Builds: Why Bother in 2026?

Reproducible builds used to feel academic. After a decade of supply chain attacks, they are the shortest path from an SBOM to a verifiable artifact. Here is the case.

Feb 10, 20267 min read
Application Security

How to set up API rate limiting

A practical, step-by-step guide to setting up API rate limiting — gateway and app-layer configs, algorithm choices, per-endpoint tuning, and how to verify it actually blocks abuse.

Feb 10, 20267 min read
Enterprise

Agile Data Security Platforms: What the Label Actually Means

An agile data security platform is marketing shorthand for tools that adapt security controls as fast as data moves — here's what actually separates a real one from the label.

Feb 9, 20265 min read
Industry Analysis

How to automate TLS certificates with Let's Encrypt

A step-by-step guide to automating TLS certificates with Let's Encrypt using certbot and cert-manager, plus verification steps so renewals never silently fail.

Feb 9, 20268 min read
Incident Analysis

How to set up an incident response plan

A practical guide to building an incident response plan for software supply chain security, with a ready-to-use playbook template and concrete detection steps.

Feb 9, 20268 min read
Container Security

How to set up OPA Gatekeeper for Kubernetes admission con...

A step-by-step guide to OPA Gatekeeper Kubernetes admission control: install, write constraint templates, roll out safely, and verify enforcement.

Feb 8, 20267 min read
DevSecOps

What is a Monorepo

A monorepo houses many projects in one repository. Learn how Google, Meta, and Microsoft use them, and the blast-radius risks security teams must manage.

Feb 7, 20266 min read
devsecops (Page 33) — Safeguard Blog